ProVision Network Monitor: A Value Approach to Windows NT Network Management

Hands On: ProVision Network Monitor

There is an obvious distance between sprawling, enterprise-oriented network management products such as Unicenter TNG from Computer Associates Int’l Inc. and Hewlett-Packard Co.’s OpenView, and not monitoring a network at all. The sophistication and complexity of the large-scale management products require both large-scale financial investments and a large-scale technical staffing.

Somewhere between the mammoth packages and network anarchy is ProVision Network Monitor from Platinum Technology. Network Monitor truly is an enterprise tool because it can see across a network to monitor Windows NT servers, devices with IP or IPX addresses, and SNMP devices. In addition, administrators can configure Network Monitor to keep tabs on log files, and to check to see if new log entries need to be examined. Network Monitor’s ability to scan log files is not limited to the files on Windows NT servers; any system that creates ASCII logs and makes them available over a network can be monitored.

We installed Network Monitor on a box running Windows NT Server 4.0 with Service Pack 3. The installation process is simple: The only major requirement is a post-installation reboot of the system. On its initial startup, Network Monitor goes out and automatically discovers devices and IP addresses on the network and makes them available on a list for immediate monitoring. In fact, this impressive feature could be a little too much of a good thing: Our test lab has a private IP network built from addresses in the 10.x.y.z IP address range. Network Monitor, sensing that it has found an active IP address in that range begins to scan the entire class A IP address space for further devices, a process that could easily take hours. Fortunately, Network Monitor provides a way to interrupt the search, and save the IP addresses collected prior to the interruption.

Network Monitor provides the ability to add devices to the list that it has discovered automatically. Once the list of devices to be monitored is complete, Network Monitor allows you to categorize the devices into groups that have common management properties. For instance, some devices might require immediate attention by network management staff while other events might only require that a mail message be sent to helpdesk staff. Network Monitor has an intuitive approach to building groups from a list of all known groups being monitored. Since effective grouping of network resources with similar monitoring requirements is crucial to making the reporting task manageable, Network Monitor’s flexibility in setting up groups is welcome.

Finding devices and binding them into groups to be monitored is a common network management task. Other commercial and home-grown approaches to device monitoring exist, but Network Monitor earns its keep with reporting abilities.

Once a network manager has identified groups of similar devices, he or she can then proceed to create notification and alarm rules for each device group. These rules are used to control who is notified and what notification method is used when a device from the group fails or exceeds an alarm threshold. In practice, we were able to page an Internet specialist when our Web server failed and a NetWare expert when NetWare nodes had problems.

Network Monitor has a healthy set of notification methods available, including the ability to send notes to alphanumeric pagers, e-mail messages, forward standard formatted information to other SNMP systems, launch programs or batch files at the server, and send messages via TCP/IP or the serial port. Other packages have the ability to dial a phone number and use voice synthesis to alert network staff to problems, a feature missing so far from Network Monitor. Another common feature missing from Network Monitor is the ability to escalate the notification process if an event has not been responded to within a certain length of time.

In addition to a huge database of standard SNMP traps, the product provides an Event-to-Trap translator that converts non-SNMP alarms and events into SNMP traps. The SNMP forwarding option is especially valuable in large networks, because it means that a Windows NT manager can test for nearly any network event and then forward the result to enterprise management platforms such as OpenView or Unicenter TNG.

Network Monitor is excellent at providing technical staff with a great deal of flexibility in establishing network event and alarm notification, but its Network Report Card (NRC) is useful in converting reams of network status data into something meaningful to managers and end users. The NRC allows managers to take the established device groups and set network performance standards for them. We were able to easily establish the procedure to post views of network quality on a Web server. Once the procedure was in place, we scheduled routine updates. These reports can be used to avoid the common conflicts between harried network managers and users who perceive that the network is always slow. Our only concern was that our 200 MHz Pentium II nearly ground to a halt as we processed the information needed to generate each report.

Overall, Network Monitor is refreshing because it concentrates on the service perspective of network management rather than on the device perspective. Because most users view the quality of the network as the quality of network services being provided, they seldom care about intermediate devices and SNMP reporting. By providing the tools to do quality of service and management reporting with traditional, essential network device monitoring, Network Monitor provides a wealth of power in a single toolbox. Those features, in combination with its modest price, make Network Monitor Enterprise a worthwhile tool for the management of Windows NT networks. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington). Contact him at

ProVision Network Monitor
Platinum Technology
1815 South Meyers Road
Oakbrook Terrace, Ill.
(800) 442-6861
Price: Starts at $500 per server; $5,000 per 250 SNMP devices; $13,000 for unlimited SNMP devices.
+ Extremely easy to install and set up.
+ Rock-solid integration with SNMP servers.
+ Focuses on service quality as well as device management.
+ Custom event notification by device groupings.
- Missing some typical event notification methods.
- Service quality reporting is processor-intensive.