Monitoring An Enterprise UC Environment
While monitoring a communications system is not a new concept, applying these techniques to enterprise communication systems is still a young science. This field has only really opened up in the last 10 years with the introduction of IP and IP-based protocols (like SNMP) and web-based management systems which allow system administrators access to low cost tools for Enterprise communication systems. Monitoring
While monitoring a communications system is not a new concept, applying these techniques to enterprise communication systems is still a young science. This field has only really opened up in the last 10 years with the introduction of IP and IP-based protocols (like SNMP) and web-based management systems which allow system administrators access to low cost tools for Enterprise communication systems. Monitoring solutions are often used to augment an element management system in implementing an FCAPS model to manage a communication network.
The purpose of this white paper is to give a simple overview of what can be monitored in an Enterprise communication system.
The following definitions shall be used within this document:
EMS – Element Management System
FCAPS – Fault, Configuration, Accounting, Provisioning, Security
IP – Internet Protocol
IP-PBX – IP-based Private Branch Exchange
LAN – Local Area Network
MAC – Media Access Control (address)
MOS – Mean Opinion Score
MPLS – Multi-Protocol Label Switching
NMS – Network Management System
OSS – Operations Support System
PBX – Private Branch Exchange
PRI – Primary Rate Interface (ISDN trunk)
PSTN – Public Switched Telephone Network (also called Telco)
RBOC/CLEC – Regional Bell Operating company/Competitive Local Exchange Carrier
SIP – Session Initiation Protocol
SNMP – Simple Network Management Protocol
SYSLOG – SYStem LOG
TMS – Telecommunication Management System
UC – Unified Communications
WAN – Wide Area Network
2. Why monitor your UC system?
There are typically five main benefits to organizations that monitor their network. These benefits include:
- Reduce fault resolution time
- Mitigate/eliminate problems in the network before they happen
- Optimize WAN bandwidth and PSTN circuit utilization
- Compliance to regulatory and IT initiatives
- Improve asset & inventory management
One of the first benefits to monitoring your UC network is the ability to reduce fault resolution time. There are several tool sets that are typically found in a monitoring solution which include:
- Log analysis
- Correlated events & root cause analysis
- Diagnostic tools (call trace, trunk tester, voice quality testing)
These tools can be used to resolve instances faster than manual processes. This can be especially true when trying to analyze logs. It is often very difficult to manually find all the clues needed in a short period of time. Logs that contain search strings and correlation capabilities can dramatically improve fault diagnosis time.
A good UC monitoring solution will also take different pieces of information, say different alarms, and correlate them to point an administrator to possible sources of the problem. This correlation is often very fast and might even be provided at the same time the alarms are escalated to the human interface. This can save minutes/hours of time over the ‘trial and error’ approach in debugging problems.
Figure 1: Fault Resolution Time Comparison. Source: ShoreTel research conducted in 2011
In addition, there are often diagnostic tools provided with monitoring solutions to help isolate the problem. There are various useful tools out there like call trace and trunk testing tools. Another useful tool is a voice quality analysis tool that can provide voice quality details as well as mean opinion score analysis to provide an objective analysis of calls that have been labeled “poor” within your network.
A second fundamental benefit of monitoring capabilities is the ability to mitigate and/ or eliminate problems in the network before they happen. This is typically accomplished with integrated tools that provide performance thresholds, historical trending and a system health tool. By using these tools, administrators can be proactive about problems with the unified communications system as these tools provide the ability to characterize the system to establish “normal” behavior and then, as a byproduct, define “abnormal” behavior. Once abnormal behavior is found, it can be analyzed before it escalates and becomes a “problem”.
Optimization is the third benefit. Monitoring functionality allows system operators to verify bandwidth consumption during periods of both high and low traffic. This means that both the IP (WAN) network and the Telco circuits (e.g. PRI’s, T1’s, SIP trunks, etc.) can be analyzed to verify that they support the committed/burst rates that have been negotiated with the different service providers. This can be especially important when using MPLS vendors.
Other optimization tools can provide traffic capacity dimensioning for the trunks as well as the IP network. If you have a good IP-PBX provider, then they have the ability to provide least cost routing that can be combined with your specific traffic patterns and allow you to further optimize your network and trunking to keep transmission costs as low as possible.
Compliance to regulatory and your own IT department initiatives can often be improved by using monitoring capabilities. One example is the ability to actively record who accesses network resources. This and other information is often captured and saved within system logs that create audit trails. Monitoring functionality also exists to help you analyze whether specific incidents that took place (or are taking place) in your network are security threats or simply an issue with the system configuration or operation.
The last fundamental benefit of monitoring is to improve asset and inventory management. Monitoring capabilities exist that allow you to label and track resources in your network by MAC and or IP address. This can be especially useful for tracking telephones that have “moved” locations, as well as users themselves that have relocated. Other uses include quickly determining software levels for various components within the network to help determine if an upgrade is required or has already been performed or if there is a mismatch in functionality due to an incorrect mixture of revision levels.
3. What can and should be monitored?
With the advent of protocols like SNMP, there is a wealth of information that can be costeffectively collected within an Enterprise communication system. However, three key questions still remain, no matter what size the network:
- What kind of information do I need?
- How much information do I really need?
- What do I do with the information once I have it?
The first task is to determine what kind information you need and why? There is a lot of information available in a communications network, not including the router or LAN switch information. For instance, consider Figure 2.
Figure 2: Typical Unified Communications Network Example
There are all kinds of equipment and circuits in a typical UC network that can provide information. Some examples include:
- Telephone switches
- Media gateways
- User telephones
- User applications – softphones, conference bridges, video, wireless, etc.
- Application server equipment (CPU usage, temperatures, power levels, etc.)
- PSTN equipment
- Security and other equipment
In fact, when you start to dive into this you’ll find that there an astonishingly large quantity of information available. Too much information in fact. So, the question comes back to your business needs – what kind of information do you need? Do you really want to constantly monitor your servers and user telephones? Most implementations start off small by focusing on the telephone switches, media gateways and trunking circuits; basically everything needed to keep voice calls (except for the phones) up and running. Applications and application servers are typically monitored as well, but only at a high level until the system administrator gets a handle on their UC network.
The next question is usually how much information is needed? Alarm information is always the first set of information you need to know about. Are there critical faults happening within the VoIP switches, media gateways or application servers? Or are there any major faults, like important services that have stopped running? However, even for alarm information, you will reach a point where you can fall into an information overload situation. For instance, do you really need to know about every telephone that it out of service? For small companies (with less than 25 phones) or enterprises with a larger IT staff, the question could very well be “yes” but for a medium size business this may be more of a distraction than important information. You need to ask yourself, how many phones do you really need to monitor? How many can you realistically monitor?
In addition to capturing critical and major equipment alarm information, you may want to set alarm thresholds. You probably don’t need to know every time there is a change within a particular device but you do want to know if there is some “critical” impacting change. For instance, your network is still up and running but you have reached 80% of your maximum bandwidth. While this event isn’t stopping you from conducting business, systems often start exhibiting “weird” behavior at high performance levels. So, it’s good information to know as well as the alarm information.
High level status and performance information is also a good set of data to have. This information often allows you to get a quick glimpse of the network without investing much effort. It’s something you can look at when time permits to give you a “feel” for your network and potentially prevent problems before they occur, especially in the area of capacity. Monitoring data actually allows you can see how much bandwidth and how many Telco circuits you really need. This then often leads to better dimensioning of your network and ultimately cost savings. For instance, you don’t have to just “throw more bandwidth” at a problem but can actually dimension the network for your needs.
The final question is what to do with all the information. This often depends upon the size of your business. Small companies typically just use the built-in tools from a UC system manufacturer. This provides a simpler configuration for you to manage with a lower cost of entry into UC network monitoring.
Companies with medium size networks will often use a combination of the UC manufacturer tools as well as 3rd party products. Examples here are to use a monitoring application from the UC vendor and then augment it with diagnostic tools like Wireshark. You might even add a simple SNMP monitoring tool, like SNMPc, to your equipment portfolio for monitoring your LAN/WAN equipment.
Large networks often export the information from various network elements into a network management system (NMS) where the information from multiple products is consolidated and correlated. This typically requires the use of standardized protocols like SNMP and SYSLOG by the network elements so that the NMS can collect the proper information. As you can imagine, the level of complexity and cost dramatically increases in this configuration but the capabilities available to a network administrator are usually worth it.
4. Tool sets available
All right. Now you’re ready to set up a monitoring solution. You know what you want to monitor, how much information you’ll want and what you plan to do with all the information. Next you need to decide what kind of tools to use. The great thing is that the available tool set has increased and diversified widely over the last 10 years.
The following list provides a starting point of available tool types. Please note that there are lots of specific tools available that aren’t mentioned in this general list.
- UC equipment manufacturer monitoring functions
- NMS system
- Windows log viewer
- SYSLOG viewer
- SNMP-based tools
Starting with this list, it is up to you to determine what you need or don’t need. For instance, a small to medium business may be fine with an element management system along with diagnostics and monitoring tools that a UC product vendor will supply. If so, there is no need to go to the expense and complexity of deploying a network management system.
On the other hand, if you are an enterprise with lots of equipment and offices to monitor, an NMS is probably a good choice. Even within the network monitoring category there are lots of choices. There are lower cost tools like SNMPc, What’s Up Gold, Splunk, MonitorTools.com and the Solar Winds Orion Network Performance Monitor. On the more expensive side there are full blown network management systems like HP Openview, Zyrion Network Management and Prognosis. At this point your budget usually enters into the equation to help “focus” you on a specific category.
As a third alternative, if you feel comfortable with integrating specific tools into your own configuration, then you may want to check out the plethora of available Windows log viewers, SYSLOG viewers, and various SNMP-based tools. You can combine these tools with the UC vendor’s tools to create your own solution.
The following lists are just some examples of tools that are either available for purchase or as freeware:
Syslog viewer examples
Windows log viewer examples
- Event Viewer in Microsoft Windows XP (built into operating system)
Diagnostics tool examples
- NetIQ Vivinet Diagnostics
- Solarwinds Log and Event Manager
Monitoring and diagnostics capabilities for unified communications systems are becoming more important. Companies that are purchasing new systems should investigate what kinds of built-in monitoring capabilities exist from their vendor (whether they intend to use them initially or not) as this is a way to get low cost monitoring solutions and tools that can be used by an organization of any size. Some vendors, like ShoreTel, offer many of the tools at no cost to their customers which can dramatically decrease the Total Cost of Ownership to the purchaser.
As system operators of UC solutions get past the initial installation and operation phase, monitoring solutions can play a big part in optimizing the UC solution to maintain, or even decrease, operational costs. These operational costs are often a larger contributor to the total cost of ownership.
For system administrators that are ready for this next level of operations, there are various tools available on the market to help. However, the system administrator will need to have a clear vision of the data they want to collect and what they intend to do with the data. For instance, do you (as the system administrator) plan to have a reactive attitude and just want better tools to troubleshoot problems and reduce outages, or do you prefer a more proactive approach so you can actively monitor your network and react to situations as early as possible. The choice is yours; it just depends upon your level of commitment to monitoring your network.
Once the decision is taken to monitor your network, you can expect to see cost savings and/or improvements in the following areas:
- Fault resolution time
- Network problem mitigation
- WAN bandwidth and PSTN circuit optimization
- Regulatory and IT compliance initiatives
- Asset & inventory management improvements
Additional resources should be available from your service provider or vendor to help you set up a monitoring solution. If not, consult the ShoreTel website (www.shoretel.com) for more information.
ShoreTel. Brilliantly simple business communications.
ShoreTel, Inc. (NASDAQ: SHOR) is a leading provider of brilliantly simple IP phone systems and unified communications solutions powering today’s always-on workforce. Its flexible communications solutions for on-premises, cloud and hybrid environments eliminate complexity, reduce costs and improve productivity.