Network Management Paper Snmp Vs Wmi

  • Uploaded by: Berry Hoekstra
  • December 2019
Berry Hoekstra (215806)

SNMP & WMI One too many?

School: Hogeschool van Amsterdam
Institute: Instituut voor Informatica
Business Unit: Advanced System and Network Engineering
Course: Network Management

Abstract

This paper is about the Simple Network Management Protocol (SNMP) and Windows Management Instrumentation (WMI), two different methods to monitor and manage your network infrastructure.

SNMP

SNMP is the Simple Network Management Protocol. The protocol can be used to monitor devices connected to a network. This is done through a network management system. To successfully monitor devices connected to a network there are certain requirements:

Agent: An SNMP agent is software that is needed on the connected device (routers, switches, workstations) to gather and store the device’s management information and send it to the manager.

Manager: The manager is called a Network Management System (NMS). It manages all the incoming information that is received from the device agents on the network.

Protocol: The protocol describes how all the information gathered by the agent is sent to the manager.

There are three different SNMP versions. SNMPv1 and SNMPv2 are almost the same; the only difference is that SNMPv2 can send bulk requests in one packet, where SNMPv1 has to send multiple packets. SNMPv3 adds more security features like users with passwords, user groups and packet encryption.

WMI

To monitor your hardware and software using the WMI protocol, you must run a Windows operating system. WMI comes with all modern Windows operating systems. Management information is gathered using providers. Providers gather the information and store it in a CIM Repository. Management applications get the management information from the CIM Repository. WMI has support for extensions, so new extensions can be included in Microsoft products. WMI can provide more comprehensive information on (Microsoft) software than any version of SNMP.

Conclusion

SNMP is a very straightforward protocol to manage any network device with a network cable plugged in and an IP address. WMI is a more extensive way to produce and process management information. Not only hardware can be monitored using WMI, but also software. I think I can safely conclude that both SNMP (any version) and WMI can co-exist. It depends on the company’s needs to determine what protocol is best.


Table of Contents

Abstract
Table of Contents
1. Introduction
2. Network management and monitoring
3. Research
   3.1. SNMP
      3.1.1. Monitoring
      3.1.2. Versions
   3.2. WMI
      3.2.1. Monitoring
4. Results
   4.1. SNMP
   4.2. WMI
5. Conclusion
6. Resources


1. Introduction

This paper is about the Simple Network Management Protocol (SNMP) and Windows Management Instrumentation (WMI), two different methods to monitor and manage your network infrastructure. This paper is written for the course Network Management at the Hogeschool van Amsterdam. The purpose of the paper is to research SNMP and WMI and to determine if they work well as a team or if they are better off as a one man band.


2. Network management and monitoring

In the world of today, almost every company makes use of an IT infrastructure to make life easier. E-mail solutions, central database systems, web servers, developer environments, test environments, employee workstations, and many other company aspects are all part of a company’s IT infrastructure. These assets are all running on servers in a company’s network. Of course, all companies differ from each other, but most of the time, the company network is a key business aspect. If the network is down, the company is down too. This makes the network very important to monitor.

IT administrators of small companies can often monitor the machines in the network by hand. But as the company grows, the network grows. And as the network grows, the work for the IT administrators piles up. This can be solved by expanding the IT department, or it can be solved in a different way.

Administrators need to know what’s happening on their networks at all times. This includes real-time and historical information like CPU and memory usage, performance statistics, and the status of every device, application, and all data on the network. It is hard to do this by hand. So if you have a large network to administer, it may be more convenient to monitor your network from a central place. This is the domain of network monitoring, the most critical function of network management. The only way to know if everything on your network is operating as it should is to monitor it continuously.

Monitoring can be done in different ways. The most common way is to make use of management protocols. These protocols can be used to request and send information to management tools, which make the information readable to humans. There are different ways to access the information for the devices to monitor. Some examples are:

  • SNMP
  • Command Line Interfaces (CLI)
  • Custom XML
  • CMIP
  • Windows Management Instrumentation (WMI)
  • Transaction Language 1
  • CORBA
  • Netconf
  • Java Management Extensions (JMX)
  • WBEM
  • Common Information Model (CIM)

The most used method is SNMP. And since almost every workstation and many servers are using a Microsoft operating system, WMI is bound to be the next popular method, although it is not widely used yet. Is one of these two management protocols unnecessary? I will discuss the matter in the following chapters. [1]


3. Research

In this chapter I’ll look into both SNMP and WMI and look into the possible solutions both protocols have.

3.1. SNMP

SNMP is the Simple Network Management Protocol. It is part of the Internet Protocol Suite, a set of communication protocols used for networks like the internet. [3,4] The SNMP protocol can be used to monitor devices connected to a network. This is done through a network management system. According to RFC3411, SNMP consists of a set of standards for network management, including an Application Layer protocol, a database schema, and a set of data objects. These standards are used to gather the information needed to monitor network devices successfully. [8]

3.1.1. Monitoring

To successfully monitor devices connected to a network there are certain requirements:

Agent: An SNMP agent is software that is needed on the connected device to gather and store the device’s management information and send it to the manager in an SNMP-compatible format. Devices can be any device, like routers, hubs, switches, workstations, printers and VoIP phones. [3]

Manager: The manager is called a Network Management System (NMS). It manages all the incoming information that is received from the device agents on the network. This is done using a protocol. [5]

Protocol: The protocol describes how all the information gathered by the agent is sent to the manager. SNMP uses SMI, the Structure of Management Information. SMI defines managed objects in a Management Information Base (MIB). A MIB stores collections of objects in a (virtual) database. This database is used to manage devices connected in a network. [6,7]

If all three requirements are met, devices can be successfully administered and monitored. The SNMP agent collects the data from a device in a network in an SNMP-compatible format. The SNMP MIB stores the objects in the database, while SMI defines these objects so that the management data is available to the Network Management System.


3.1.2. Versions

Not every company has the same management needs. SNMP is used in many different networks, varying in size and complexity. Some network environments may require a different approach. Therefore there are different versions of SNMP designed to address specific management problems, like the level of security in a specific company. The SNMP architecture is designed to evolve, so that new models can be designed to add functionality to, or replace, the existing ones. However, the interactions between different models could result in problems like incompatibility and security issues. RFC3584 (this RFC obsoletes RFC2576) describes the "Coexistence between Version 1, Version 2, and Version 3 of the Internet-Standard Network Management Framework". [9,10] So SNMP comes in three different versions: SNMPv1, SNMPv2 and SNMPv3.

SNMPv1 & SNMPv2

The first two versions are very much alike. They both use the same method to detect SNMP packets in the network packet stream. A string is attached to each SNMPv1 and SNMPv2 packet to identify it. The string is called a community string. The SNMP agent uses this string to determine if the packet should be processed or discarded. [11] The difference between the first two versions is that the SNMPv2 protocol has a few more features available. For example, a large number of SNMP requests can be put in one SNMP packet, which was not possible in the initial version. The first version also uses an older version of the SMI, while SNMPv2 uses SMIv2. This is a version that has a lot more data types, like 64-bit counters. The end user will probably not notice the difference between the two versions, as the differences are mainly internal. [13]

SNMPv3

SNMPv3 was designed to fix the weak security in the first two versions of the SNMP protocol. SNMPv3 also uses SMIv2 to define managed objects, as it is based on SNMPv2. As stated above, SNMPv1 and SNMPv2 use community strings to identify the SNMP packets. These strings are attached to the packet in plain text, so this method is not very secure. SNMPv3 is designed to make the protocol more secure by using an authentication method with users and passwords, and by adding the possibility to encrypt the SNMP packets. It also defines user groups and MIB-views, which enable an SNMP agent to control the access to its MIB objects. A MIB-view is a subset of the MIB. You can use MIB-views to define what part of the MIB a user can read (SNMP GET/GETNEXT) or write (SNMP SET). The SNMPv3 framework can also be used with V1 and V2 but it was defined for SNMPv3. [13]
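The MIB-view idea described above can be shown as a small access check. This is an added example, not code from the paper or from any SNMP agent: it models a view as included and excluded OID subtrees where the most specific matching subtree decides, and it leaves out the subtree masks that the full view-based access control model (RFC 3415) also supports. The user, group and view names are hypothetical.

```python
def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


class MibView:
    """A named subset of the MIB: subtrees that are included or excluded."""

    def __init__(self, families):
        # families: iterable of (subtree_oid, included) pairs
        self.families = [(parse_oid(s), bool(inc)) for s, inc in families]

    def contains(self, oid):
        oid = parse_oid(oid)
        best = None
        for subtree, included in self.families:
            if oid[:len(subtree)] == subtree:          # oid lies under subtree
                if best is None or len(subtree) > len(best[0]):
                    best = (subtree, included)         # most specific entry wins
        return best is not None and best[1]            # no match -> not in view


# Constructed policy. Group, user and view names are hypothetical.
VIEWS = {
    "mib2-no-routes": MibView([("1.3.6.1.2.1", True),          # mib-2
                               ("1.3.6.1.2.1.4.21", False)]),  # ipRouteTable
    "system-only": MibView([("1.3.6.1.2.1.1", True)]),         # system group
    "none": MibView([]),
}
GROUPS = {   # group -> view consulted for reads and for writes
    "monitoring": {"read": "mib2-no-routes", "write": "none"},
    "netadmin": {"read": "mib2-no-routes", "write": "system-only"},
}
USERS = {"nms-poller": "monitoring", "alice": "netadmin"}
OPERATION_VIEW = {"GET": "read", "GETNEXT": "read", "SET": "write"}


def authorize(user, operation, oid):
    """True if the user's group has the OID in the view for this operation."""
    group = USERS.get(user)
    kind = OPERATION_VIEW.get(operation)
    if group is None or kind is None:
        return False                                   # unknown user or operation
    return VIEWS[GROUPS[group][kind]].contains(oid)
```

With this policy the polling account can read most of mib-2 but cannot read the routing table or write anything, while the administrator group can write only inside the system group.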


3.2. WMI

WMI stands for Windows Management Instrumentation. It is developed by Microsoft for its Windows operating systems. It is an implementation of Web-based Enterprise Management (WBEM), which is a standard technology for accessing management information over a network. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. The WMI interfaces are based on the Component Object Model (COM) type of middleware. [14]

The Windows Management Instrumentation (WMI) protocol is used to gather management information about hardware, software, and operating system components. WMI can be used in all Windows-based applications, and is most useful in enterprise applications and administrative scripts. It can be used to monitor both software and hardware and to automate tasks in a Windows environment. [14,15]

3.2.1. Monitoring

To monitor your hardware and software using the WMI protocol, you must run a Windows operating system. WMI is preinstalled in Windows 2000, 2003 and 2008 (including Windows ME). For older operating systems like Windows 95 and Windows 98, it is available as a download. [14]

If WMI is installed, enabled and running on your Windows machine, it can provide a management application with the management information that has been collected. The collecting of management information is done by a provider. A provider monitors a managed object like a hard disk, and provides WMI with the data it collected. The collected management information is stored in the CIM repository. The CIM repository acts as a storage area for the management information collected by the various providers. I will discuss more on this later on in the paper.

Part of WMI is the Windows Management service, or the CIM Object Manager. It acts as an intermediary between the providers, management applications, and the CIM repository, placing information from a provider into the repository. The Windows Management service also accesses the CIM repository in response to queries and instructions from management applications.

A management application queries the Windows Management service for information regarding a managed object and instructs the Windows Management service to send instructions to a managed object.


When installing a Microsoft product like SQL Server, Microsoft Office or Exchange Server, an extension of the CIM object model is installed along with the product. The CIM object model is used by management applications to read the management information. The extension is called a WMI class. This class allows the gathering of management information on the specific product it was installed along with. The newly installed WMI class allows the provider to access the information gathered by the WMI class. A provider is just a simple DLL file using COM middleware objects.

Because a provider is designed to access some specific management information, the CIM repository is also logically divided into several areas called namespaces. Each namespace contains a set of providers with their related classes specific to a management area (for example, Root\Directory\LDAP for Active Directory, Root\SNMP for SNMP information or Root\MicrosoftIISv2 for Internet Information Services information). The figure below shows how the CIM repository is divided.

As you can see in the CIM repository image above, the WMI CIM Repository contains a namespace called Root\SNMP. This namespace contains SNMP providers that act as gateways to systems and devices that use the SNMP protocol for management. SNMP MIB object variables can be read and written. SNMP traps can be automatically mapped to WMI events. The SNMP Provider includes the following components:

  • Class
  • Instance
  • Event Provider

These components integrate the SNMP information modeling and processing into WMI. These SNMP providers map the collected management information to property values of CIM class instances. An SNMP information module compiler is used to compile native SNMP schema information into the format that CIM uses. [2]

With all these providers, a huge amount of management information is available in the CIM repository. It is the job of the management application to locate the right information. To do this, Microsoft implemented a database language called the WMI Query Language. This query language is based on the SQL database language. Scripting languages like VBScript or Windows PowerShell can also be used in conjunction with WMI to manage Microsoft Windows personal computers and servers, both locally and remotely. Microsoft also provides a command line interface to WMI called Windows Management Instrumentation Command-line (WMIC). [14,15]


4. Results

This chapter discusses the results of the research.

4.1. SNMP

The three different SNMP versions are not that different after all. SNMPv1 and SNMPv2 are almost the same; the only difference is that SNMPv2 can send bulk requests in one packet, where SNMPv1 has to send multiple packets. SNMPv3 adds more security features like users with passwords, user groups and packet encryption. Not every enterprise needs this degree of security. All versions are compatible with each other.

4.2. WMI

WMI is Microsoft’s own management protocol. It has support for extensions, so new extensions can be included in new Microsoft products. WMI can provide more comprehensive information on (Microsoft) software than any version of SNMP. It also has support for SNMP, so if SNMP is already used in a network, WMI can be easily added as a management protocol.


5. Conclusion

SNMP is a very straightforward protocol to manage any network device with a network cable plugged in and an IP address. It is called the Simple Network Management Protocol, right? WMI is a more extensive way to produce and process management information. Not only hardware can be monitored using WMI, but also software. Microsoft’s implementation also includes support for SNMP, which makes it easier for network engineers to implement WMI into a network infrastructure.

I think I can safely conclude that both SNMP (any version) and WMI can co-exist. It depends on the company’s needs to determine what protocol is best. If a company has a large Microsoft environment set up, it is best to install both WMI and SNMP on the machines. If a company decides that only some of the network elements need monitoring, it is not necessary to implement both methods in the infrastructure. Also, if software monitoring is important, WMI can provide more comprehensive management information. To monitor the network infrastructure completely, it is best to install both.


6. Resources

A list of the resources used during the research can be found below.

General
1. http://en.wikipedia.org/wiki/Network_management
2. http://charlesconradvaz.wordpress.com/2004/09/22/wmi-and-snmp/

SNMP
3. http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
4. http://en.wikipedia.org/wiki/Internet_Protocol_Suite
5. http://en.wikipedia.org/wiki/Network_management_system
6. http://en.wikipedia.org/wiki/Structure_of_Management_Information
7. http://en.wikipedia.org/wiki/Management_information_base
8. http://tools.ietf.org/html/rfc3411
9. http://tools.ietf.org/html/rfc2576
10. http://tools.ietf.org/html/rfc3584
11. http://tools.ietf.org/html/rfc1157
12. http://tools.ietf.org/html/rfc2578
13. http://support.ipswitch.com/kb/WG-20041105-DM01.htm

WMI
14. http://en.wikipedia.org/wiki/Windows_Management_Instrumentation
15. http://msdn.microsoft.com/en-us/library/aa394582.aspx
