S 2.171 Selection of a suitable system management product
Initiation responsibility: Head of IT
Implementation responsibility: Administrator
After having surveyed the current system environment (see S 2.168 IT system analysis before the introduction of a system management system) and defined the management strategy (see S 2.169 Developing a system management strategy), a suitable system management system must be selected. Depending on the size of the system to be managed, different implementations may be expedient here:
- For small systems, the system management may be performed "manually" by the system administration.
- For small and medium systems, the system management may also be performed by a collection of individual tools.
- For large systems, a system management system should be used.
State-of-the-art network-capable operating systems normally already include functions which allow, for example, central management of users and user groups. Examples are NIS or NIS+ for Unix systems; in Windows systems, the Windows NT domain concept allows central user management using the domain controller. Novell offers similar options with Intranetware. Normally, there are additional options for operating policy management across the entire network.
In small and medium networks, software management, computer configuration management, and the monitoring of system components are additionally the most urgent problem areas. Here, additional software tools may be used that each take on individual tasks. Particularly in the areas also covered by the network management disciplines (configuration management, monitoring), the use of a network management tool may be considered.
For Windows, examples include tools such as the "Novell Zero Administration Kit", which supports the administrator when installing new computers, the "Microsoft Management Console", which offers a uniform central view of all administration tools, and the "Microsoft Systems Management Server (SMS)". The SMS product, for example, provides the administrator with the following options:
- taking stock of hardware and software components
- installation and distribution of data and applications on network computers
- control when performing network applications
- support when administrating computers using the network
- monitoring of the network traffic
However, SMS is not designed for a heterogeneous environment. Furthermore, remote maintenance is only semi-automatic and requires an on-site administrator so that the use only makes sense for smaller and adjacent networks.
For Unix, the "rdist" program can be used in order to administrate and distribute software, for example, in order to install or update software on remote computers. With this, it is possible to install exactly those products from a central software pool to the respective computers that are actually required by the employees in order to perform their tasks. Additional, often free programs (mostly from the university environment) allow monitoring of the network using SNMP, for example.
The solutions compiled this way constitute a low-cost alternative for smaller and medium networks. However, they normally require an experienced administrator, who also performs adaptations to local circumstances or integrates additional functionalities by self-programming, under some circumstances.
For larger and large-scale networks, such solutions are not suitable, though, since the functionalities are located in different tools that are not integrated. For large-scale networks in companies or government agencies, only system management systems come into question. Before introducing such a system, it should be taken into account that this normally constitutes a significant intervention in the running system and requires careful planning. Frequently, the introduction takes more than 12 months with at least a six-digit amount to be invested for larger networks. Therefore, it is important to select the proper management system. The following criteria should be taken into consideration when selecting the system to be procured:
- what is the scope of functions offered by the product?
- cost
  - for procuring the software
  - for procuring additional hardware (for some systems, one or several central management servers must be procured)
  - for installation and operating expenses (external employees may even have to be deployed under some circumstances)
  - for training the employees
  - miscellaneous (e.g. migration cost for an existing platform, adaptation/new development of local software, structural measures, e.g. secure server room)
- protection of the investment
  - to which extent is the system management product scalable (e.g. number of computers can be increased)?
  - is it possible for the platform to grow together with the company (e.g. number of possible management domains, delegation of tasks)?
  - what are the migration paths to the platform?
  - what are the migration paths from this platform to another platform?
- potential for integration with other products
  - which server and/or client system platforms are supported?
  - is it possible to integrate an existing network management system?
  - is it possible to integrate an existing data backup system?
  - which applications of third party providers are available for this product?
- reliability and failure safety
  - are there statements or even guarantees regarding the maximum downtimes?
  - is hot swap possible for central components?
  - is there a system-internal backup and recovery mechanism?
  - are updates provided at regular intervals? Can the updates be installed easily?
- security: access restrictions regarding the management functions
  - is it possible to restrict the access at the user ID level (which user is allowed to do what)?
  - is it possible to restrict the access at the component level (which computer is allowed to do what)?
  - is it possible to restrict the access to the executable commands depending on the user or system?
  - is it possible to distribute the administrative tasks? For example, is it possible to restrict the administration of components to certain areas (e.g. only the department computers)?
- security: administration of computers using the network
  - how are remote accesses protected?
  - is it possible to perform remote accesses with encryption?
  - is it ensured that (strong) authentication is required prior to remote administration?
  - is it possible to restrict the authorisation for remote administration to certain persons or roles?
  - is the user informed automatically about remote accesses?
- security: data security, data protection
  - is the collected data stored securely (data access restrictions, encryption)?
  - is the data transfer between the management components protected (authentication, encryption, protection of the integrity)?
  - is it possible to control the type of collected information (anonymisation, tracing, demonstrability)?
  - is it possible to integrate virus scanners?
  - which logging options are offered?
  - is it possible to monitor or prevent local software installation?
- user-friendliness
  - is there a graphical user interface (e.g. X Window, Motif, Windows interface, web browser)?
  - what is the level of complexity regarding the navigation?
  - is the local language or are also several languages (when used globally) supported?
  - can programs be executed easily (even on remote computers)?
  - how easily can the user change the interface?
  - are exceptions and alarms displayed appropriately?
  - can monitoring be adjusted, even regarding the degree of detail?
  - is the complexity of network components "hidden" appropriately (so that the user does not have to be an expert for the component to be administrated)?
  - can one user interface be used in order to use all functions?
  - are online help functions and instructions available?
- ergonomics when managing complex systems
  - are different network protocols, network components, and operating systems supported?
  - how does the platform handle geographically distributed systems and what is their representation?
  - what is the level of complexity when integrating new components or when removing components from the system (autodiscovery, manual)?
- standards compliance (depending on the environment, the compliance with at least one standard may be required)
  - platforms
    - Distributed Management Environment (DME) from Open Software Foundation (OSF)
    - specification of the Desktop Management Task Force (DMTF)
    - OMNIpoint specification of the Network Management Forum (NMF)
  - database
    - which DBMSs (Data Base Management Systems) are supported?
    - is SQL supported as query language if the management software does not include a proprietary database?
  - CORBA (Common Object Request Broker Architecture) of the Object Management Group (OMG)
  - Application Program Interface (API) if proprietary extensions of the management system are necessary (e.g. APIs for SNMP, XMP, DMI).
The aspects mentioned here must be understood as guiding principles when evaluating management systems. Depending on the local circumstances, requirements for the management system should be formulated based on the current system environment (see S 2.168 IT system analysis before the introduction of a system management system) and on the management strategy (see S 2.169 Developing a system management strategy); these requirements may be used as knockout (KO) criteria when making a decision. The above-mentioned criteria should always be weighted in such a way that the local preferences are reflected.
Normally, the requirements for the management system and the features of the selected management system cannot be harmonised completely. As a result, it is necessary to adapt the management strategy drawn up to the scope of functions of the selected specific product.
Review questions:
- Is the selection of a suitable system management system based on the requirements determined beforehand?