Print
Close Window
From: www.itworld.com
Crash landing
December 27, 2000 —
Landing a jet fighter on the pitch-black, heaving deck of an aircraft carrier in the middle of a storm requires great skill, nerves of steel and superb instrumentation. Losing your instrument landing system as you cross the stern is a sure ticket to a major crash.
A big crash is exactly what happened when we put Shomiti Systems' Surveyor 3.1 to the test. The monitoring software and Explorer network probe have great potential, and we wanted to give them a thumbs up, but we found that the current release is not stable and lacks some critical features. We recommend waiting for the next release.
If you peek inside the cockpit of an F-14 Navy fighter aircraft, you'll see a complex set of gauges, switches and displays -- far more than you would find inside a small, private aircraft. That high-tech cockpit is the type of environment Shomiti has attempted to provide for network analysts with demanding monitoring needs. The Shomiti Explorer probe and Surveyor software work together as an advanced analyzer and monitor for 10/100 Ethernet, Gigabit Ethernet and token-ring networks. Although be advised, just like the F-14 fighter, this is complicated and expensive equipment and is best deployed on critical network segments.
Surveying the net
Surveyor 3.1 consists of a hardware component (the Explorer probe) and Surveyor, a software application. Companies can opt to replace the Explorer probe with a Windows NT system with a Network Driver Interface Specification-compliant network interface card (NIC). We tested both configurations.
Upon initialization, Surveyor lets operators scan the network for remote probes. Detected probes are displayed in a convenient resource browser on the left side of the main window. Each probe's NICs are shown as separate resources and may be activated individually.
The Alarm Browser is located directly below the list of probes. If you are using the Expert alarm plug-in, you can create a series of alarm definitions using the Alarm Browser and save them for future use. To activate an alarm, simply click on the probe and interface where you wish to assign the alarm to, and drag it down to the Alarm Browser window. Drop it on the alarm definition, and it's active.
We found this feature to be useful and took frequent advantage of it. The Data Link Layer alarm for Overload Utilization Percentage let us specify a maximum Ethernet utilization threshold. If the threshold was exceeded an alarm was immediately generated. We also used the Application Layer alarm to track down a misbehaving workstation.
When an alarm is triggered, network administrators can be notified by a beep and a message on the console, a call to an alphanumeric pager or an e-mail message. Given that
Surveyor is likely to be used in unattended mode, e-mail notification is critical. On the downside, the product only supports Messaging API (MAPI) mail. Having no support for Simple Mail Transfer Protocol-based e-mail was a serious omiission, because many users are likely to have extensive notification lists on other mail systems. Shomiti officials say they are considering adding support for non-MAPI e-mail systems in an upcoming release.
Catch that packet
Capturing data at wire speed is where the Explorer probe excelled. We tossed hundreds of megabits per second of traffic at the probe, and it never dropped a packet. With a 256M-byte buffer, there's plenty of room for captured data, even at extremely high bandwidth.
Surveyor's filters are one of its strongest features. Users can define capture and display filters that make sorting the signal from the noise easy. Constructing a filter is a snap: Select the field to filter with - source address, destination address, port number -- then right-click the mouse and use the "copy to filter" feature to automatically construct the filter. This beats plugging in hexadecimal numbers manually.
Shomiti provides an outstanding quality-of-service (QoS) protocol-decoding plug-in with this release. Using the plug-in, which is an optional module, we monitored H.323 and Q.931 traffic, examined maximum and minimum jitter statistics, and counted dropped packets. Surveyor has one of the best QoS decoding engines we've seen.
Unfortunately, we found Surveyor and the Explorer probe to be highly unstable in this release. We identified several bugs in the filtering engine related to Windows 2000, and we experienced repeated, and unexplained, losses of connectivity with the Explorer probe and our NT-based probe. We spent several days working with Shomiti's technical support team to resolve the issues, most of which seemed to be related to Win 2000. Shomiti's engineers assured us that they had fixed most of the bugs we found, and that the next release would take care of the problems. We'll withhold our judgment until after we test the next release.
Installation and documentation
Surveyor was a breeze to install. A mistake on our end had the program failing to detect a second NIC in our remote agent, but a quick perusal of the documentation and a change to the configuration file quickly solved that problem. We wish more applications went in this easily.
The documentation supplied by Shomiti is well-written, superbly illustrated and easy to understand. A quick-start booklet was provided, and we found that we rarely had to refer to the extensive user's guide. The few times that we had to dig through the guide, we had no problems finding the answers to our questions. Kudos to Shomiti for supplying printed documentation. Manuals on CD-ROM are becoming the norm -- we findprinted documentation much easier to use, particularly in the field.
Bottom line
Surveyor and the Explorer probe have great potential. We tried to like them, but the random crashes, inconsistencies between operating systems and lack of support for non-MAPI e-mail keep us from recommending the current release. Hold off on purchasing this product until an updated version is released. If Shomiti can addresss the problems we found, Surveyor has the potential to be an extremely useful tool for enterprise network managers.
Network World