Network Topology

Enterprise Network Topology

 Argent Enterprise views corporate infrastructure as a Main Network and remote Network Domains connected through the Argent Transport Backbone (ATB).

Let’s say there is one main office and multiple satellite offices. Each location has a LAN. In this case, the LAN at the main office can be the Main Network while the LANs at the satellite offices are remote Network Domains.

 Each Network Domain can consist of one or multiple Network Segments. It could be physical network segments such as 192.168.1.*, 192.168.10.* etc., or it could be the intranet and DMZ.

The integrity of a corporate infrastructure is guaranteed at two levels:   

  1. Control Center monitors the end-to-end connectivity between Main Network and each Remote Network Domain by executing Round Trip Tests periodically.  
  2. Control Center monitors the connectivity within the Main Network, while the Domain Observer monitors connectivity within each remote Network Domain.

Within each Network Domain of multiple network segments, multiple Segment Inspectors may be necessary depending on how those network segments are physically connected.

Users should prepare the Argent Enterprise Infrastructure to match the actual physical layout. To create a remote Network Domain, simply use the context menu.

Network Domain Properties

Network Topology can be scanned programmatically using the GUI.

To do so, users should define scanning parameters for the Network Domain first, then do scanning in the Domain Topology.

When users first open the Enterprise Network bar, they will be automatically prompted to do so.

1.    Network Discovery

Center Contacting Interval

It is the interval that Domain Observers in this Network Domain should communicate with the Control Center.

 Additional Device Dependencies Of Connection To Control Center

It defines additional known hops between Control Center and Domain Observers at the remote Network Domain. Because a router or bridge can have insider/outsider addresses, it can present different IP addresses depending on the point of view. As a result, routes of both Center to Domain and Domain to Center could be defined.

Run Topology Discovery On All Attached Network Interfaces

A server may have multiple network interfaces. Sometimes a network interface may only be used in a local virtual machine environment, or for private communication etc.

Users may want to exclude some network interfaces from topology scanning. In this case, users should uncheck this option and manually specify the IP range.

Domain Location  (Informational only)

It can be selected from a list of cities or countries. If the users city is not in the combo list, users can either manually enter into the box, or update theLocation Definitions’ under the ‘Administration’ folder in the ‘Control Information’ section.

Network Administrator (Informational only)

Contact Email  (Informational only)

Contact Phone (Informational only)

Network Connection (Informational only)

Protected By Firewall (Informational only) 

2.    SNMP Discovery

SNMP parameters are essential to topology discovery. Argent Enterprise relies on the querying BRIDGE-MIB (RFC1493) to figure out network connections. Users should define the SNMP fields carefully

Query OID

The default value is 1.3.6.1.2.1.1.5.0. Program queries this standard OID to determine if a device supports the SNMP interface.

Community (String)

Default value ispublic. This is the community string for SNMPv1 and SNMPv2. It is essentially the password.  

SNMP Port

Default value is 161. Unless users network has a customized port number for security reasons, this field should be left alone

Protocol

Default value is SNMPv1. It can be SNMPv1, SNMPv2c or SNMPv3.

User Name (SNMPv3 Only)

SNMPv3 user name.

Authentication Password (SNMPv3 Only)

SNMPv3 authentication password and protocol (MD5, SHA or None).

Encryption Password (SNMPv3 Only)

SNMPv3 encryption password and algorithm (DES, AES, 3DES or None)

 3.    Active Directory Discovery

 Active Directory provides OS information of discovered nodes. It can also list nodes that are not running that an IP scan wouldn’t be able to pick up

 Use Active Directory To Retrieve OS Information

This option is turned on by default.  It should be turned off for non-Active-Directory environment.

Filtering Option

This feature can be used to filter out unwanted nodes.

Only Find Computers In The Active Directory Container

Another filtering option using LDAP paths and Active Directory distinguished names

Use Explicit Domain Account

Basically allows you to specify alternate credentials when

communicating with Active Directory. It can be useful if Argent Enterprise is installed on a workgroup server for security reasons.

4.    VMware

Querying VMware vCenter or ESX hosts can generate additional logical dependencies other than topology ones.

For example, virtual machine A resides on ESX host B.

If ESX host B goes off-line, server A is also off-line.

Instead of reporting that server A is not available, the rootcause that ESX host B is off-line should be reported.

Query VMware Environment To Determine ESX Host And VM Names

This option is off by default. Use it if the user has such a VMware environment.

All other fields on the screen are self-explanatory.

5.    WMI

WMI can be used to query network interfaces on a Windows machine. This can generate additional IP addresses that a Windows machine may have. At this point this is informational only. Even if the Control Center or Domain Observer knows a Windows machine has an IP on another network segment, it may not be able to access it. It all depends on how network routing is configured.

By default, this option is turned off.

6.    Non-Windows

Argent Enterprise cannot automatically determine Linux/Unix or Mac machines. If no additional information is provided, the discovered nodes would be reported as simple IP devices. Users can specify these non-Windows machines. The program matches discovered MAC address or IP addresses, and reports the correct node names and OS types.

 7.    Other Credentials

Users can specify logon/password for Linux/Unix servers or Windows machines in other domains.

Argent Enterprise uses the information to run its monitoring logic.

Network Topology

Network Topology is the topology of server/devices within the same Network Domain. The routes between Control Center and remote Network Domains are specified in theAdditional Device Dependencies Of Connection To Control Center

Users can scan the network topology using the context menu.

Then user should see prompt to select the network segment to scan.

The scanning process is shown in the console window as follows:

When it completes, the result is shown in the Domain Topology.

If there is another network segment to scan, change the default segment first. In the following example, segment{default}is changed toIT.

Then scan another network segment, and rename the default segment name to a more appropriate one.

Due to the SNMP BRIDGE-MIB requirement, and IP devices may not be online while doing the topology scanning, some servers/devices may not be discovered by the product. It may be necessary to manually add/remove nodes in the topology database.

For example, first we enter the gateway192.168.1.1. The type should beSwitch, and connected to {TOP LEVEL}. Then we enter a file server192.168.1.244connected to gateway192.168.1.1.

Use the menuDeleteto delete the whole network segment.

Use the ‘Merge’ option in the context

menu to combine two segments into one segment.

If we assume the gateway192.168.2.1sits behind ISP gateway192.168.1.1. We can first merge segmentITto{default}.

Then we craft192.168.2.1’ behind192.168.1.1.

At this point, we will have the topology exactly matching the physical layout.

  • Users can export the current topology to an external XML file for backup purposes.
  • UseExportto export.
  • UseRestore Backup XMLto restore topology.
  • UseImport Topology XMLto import a topology XML and add it to current topology.

Besides the backup XML, the menuRevert Changesis also extremely useful in case the user makes some mistakes dealing with a large topology layout.