What's In Your Network?
You may often be perplexed by what you find.
As many times as I ask the question "What's in your network?" the discoveries clients make in finding out the answer often surprise, if not perplex, them. But having certain knowledge of what's in your network is just as important whether you're responsible for one device or hundreds.
Discovering what's on your network entails:
- Physical inventory -- touching every device may be boring, but it gives an account and may lead to other discoveries, such as what else the device connects to other than the LAN, whether the device connects directly to the LAN or through a hub or switch, and whether the device is managed.
- Active monitoring -- consists of tools that report on network performance, as well as tools within network components that report on performance, security, bandwidth, and other metrics. Staff can become complacent or over-reliant on monitoring and miss vulnerabilities, root causes, and service degradation due to misconfigurations.
- Reporting mechanisms -- these may or may not blend into active monitoring tools. These tools can provide simple reporting or can easily run in an application server or in hosted environments to provide both reporting on and updates to configurations, licensing, and benchmarking.
Automation makes things easier for IT, but an IT manager can fall into the same trap as any other user who gets seduced by technology. Physical inventory reveals what automation doesn't show on a screen or report. It also puts an environment into perspective for IT, as well as gives users in the environment a face to IT. IT needs to touch the devices and endpoints and anything connected to the network. This effort is akin to site surveys and assessments that strengthen your knowledge. An annual physical inventory will reveal that things do move and change, get deleted, or are simply forgotten about.
Most systems, appliances, and gear touching the network have onboard tools and reporting in various formats, including automated for delivery at set frequencies, in real time, or on demand. The real problem is the volume of available data and the time needed to sift through it.
What are the tell-tale signs of complacency? Just ask the question, "What's in your network?" You may get the right answers, but just look around: Do you see dust on the gear? Does the uninterruptible power supply (UPS) have a date code/manufacture date that is many years old? Is an exact inventory count available? Do IDFs/MDFs look undisturbed? If you look, you'll find many other indicators -- and when too many crop up at once you may need to act. Look to be sure:
- Inventory tags match database
- The last tested date of the UPS batteries is compared against the last date the batteries were replaced
- Equipment logs have been reviewed, acted upon, and cleared
- All connections in every LAN switch and router port(s) are accounted for
- Look for firmware revision dates
- Check alarm and warning lights
- Listen for equipment fans that don't sound right (grinding, winding, or stuck in humming mode)
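The first four checks above are reconciliation questions, so here is an added example (not from the original column) that answers them mechanically once the walk-through is done: it compares the asset database against what was physically found, lists live switch ports nobody traced to a device, and compares UPS battery test and replacement dates. All records, tag formats and port names are constructed sample data.

```python
from datetime import date

# Constructed asset database: tag -> switch port of record (None = not on the LAN)
ASSET_DB = {"A-1001": None, "A-1002": "sw1:Gi1/0/3", "A-1003": "sw1:Gi1/0/7"}

# Constructed result of the physical walk-through: tag -> port the cable lands on
PHYSICAL = {"A-1001": None, "A-1002": "sw1:Gi1/0/3", "A-1004": "sw1:Gi1/0/9"}

# Constructed set of switch ports that showed link during the survey
ACTIVE_PORTS = {"sw1:Gi1/0/3", "sw1:Gi1/0/7", "sw1:Gi1/0/9", "sw1:Gi1/0/12"}


def reconcile(asset_db, physical, active_ports):
    """Compare what the database says against what was touched on site."""
    on_site_ports = {p for p in physical.values() if p}
    return {
        # Tags seen on the floor that the database has never heard of
        "untracked": sorted(set(physical) - set(asset_db)),
        # Database entries nobody could put a hand on (removed, moved, forgotten)
        "missing": sorted(set(asset_db) - set(physical)),
        # Live ports whose far end was not traced to any inventoried device
        "unaccounted_ports": sorted(active_ports - on_site_ports),
    }


def ups_battery_finding(last_tested, last_replaced, today, max_age_years=1):
    """Return a finding string, or None if the battery dates look healthy.

    Dates are ISO strings (YYYY-MM-DD) so the check is easy to drive from a
    spreadsheet export; the one-year default test interval is an assumption.
    """
    tested, replaced, now = (date.fromisoformat(d) for d in (last_tested, last_replaced, today))
    if tested < replaced:
        return "batteries replaced after last test; no test on record for current set"
    if (now - tested).days > 365 * max_age_years:
        return f"last battery test older than {max_age_years} year(s)"
    return None


if __name__ == "__main__":
    for category, items in reconcile(ASSET_DB, PHYSICAL, ACTIVE_PORTS).items():
        print(f"{category}: {items}")
    print(ups_battery_finding("2019-03-01", "2021-06-15", "2023-01-10"))
```

Each non-empty list or non-None finding is one item to walk back out to the floor and explain, which is exactly the "does what's there make sense?" question.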
Here's what I found on a recent site survey (for familiarization, not assessment):
- A PBX still turned on and connected to power, UPS, and network, even though it had been replaced with a hosted solution four years prior
- LAN switches with dual power supplies, with two power cables: one connected to the UPS and one connected to a wall receptacle
- Recent water stains on the floor of an IDF housing switch gear and a building management system (server)
- MDF housing battery bank for carrier equipment and a cabinet full of servers in the same room
- Boxes piled in an IDF closet with no access to power and other service panels or space to walk in and around gear
So, I ask again, "What's in your network?" ... And does what's there make sense?
Follow Matt Brunk on Twitter!