
NETWORKING BASICS

SNMP:

Simple Network Management Protocol (SNMP) is a networking protocol used for the
management and monitoring of network-connected devices in Internet Protocol
networks. The SNMP protocol is embedded in multiple local devices such as routers,
switches, servers, firewalls, and wireless access points accessible using their IP
address. SNMP provides a common mechanism for network devices to relay
management information within single and multi-vendor LAN or WAN environments. It is
an application layer protocol in the OSI model framework.

Typically, the SNMP protocol is implemented using the User Datagram Protocol (UDP).
UDP is a connectionless protocol that works like the Transmission Control Protocol
(TCP) but assumes that error-checking and recovery services are not required. Instead,
UDP sends datagrams to the recipient whether or not the recipient receives them.

SNMP Management Information Bases (called MIBs for short) are data structures that
define what can be collected from the local device and what can be changed and
configured.

Management information base (MIB):

This data structure is a text file (with a .mib file extension) that describes all data objects
used by a particular device that can be queried or controlled using SNMP including
access control. Inside the MIB there are many different managed objects which can be
identified by Object Identifiers. An Object Identifier (OID) is a MIB identifier that is used
to delineate between devices within the MIB. OIDs are uniquely generated as numeric
identifiers used for access to MIB objects.

Versions: There are three different versions of SNMP:

• SNMP version 1 (SNMPv1) - This was the first implementation, operating within
the structure management information specification, and described in RFC 1157.
• SNMP version 2 (SNMPv2) - This version was improved to support more efficient
error handling and is described in RFC 1901. It was first introduced as RFC
1441. It is often referred to as SNMPv2c.
• SNMP version 3 (SNMPv3) - This version improves security and privacy. It was
introduced in RFC 3410.

SNMP version 2 is the most commonly deployed SNMP protocol version today. The
most recent version, SNMP version 3, includes new security features that add support
for authentication and encryption of SNMP messages as well as protecting packets
during transit.
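
The version difference described above is visible in the first bytes of every SNMP message. The following Python reader is an added example, not part of the original notes: it decodes only the outer message header and reports either the community string that SNMPv1/v2c sends as plain bytes or the authentication and privacy flags of an SNMPv3 message. Both datagrams are constructed samples, and the community "example-ro" is a made-up value.

```python
# Added example: read only the outer header of an SNMP message (BER-encoded).
# Both datagrams are constructed samples; "example-ro" is a made-up community.

VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the BER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past the end of the datagram")
    return tag, buf[off:off + length], off + length


def parse_snmp_header(datagram):
    """Report version plus what protects the message (community or v3 flags)."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("message is not a BER SEQUENCE")
    tag, raw_version, off = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    version = int.from_bytes(raw_version, "big")
    info = {"version": VERSIONS.get(version, "unknown"),
            "community": None, "auth": False, "priv": False}
    tag, second, _ = read_tlv(body, off)
    if version in (0, 1):
        # v1/v2c: the only credential is a community string sent as plain bytes.
        if tag != 0x04:
            raise ValueError("community is not an OCTET STRING")
        info["community"] = second.decode("ascii", "replace")
    elif version == 3:
        # v3: header is SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }.
        if tag != 0x30:
            raise ValueError("msgGlobalData is not a SEQUENCE")
        _, _, pos = read_tlv(second, 0)          # msgID
        _, _, pos = read_tlv(second, pos)        # msgMaxSize
        ftag, flags, _ = read_tlv(second, pos)   # msgFlags, one octet
        if ftag != 0x04 or len(flags) != 1:
            raise ValueError("malformed msgFlags")
        info["auth"] = bool(flags[0] & 0x01)     # message is authenticated
        info["priv"] = bool(flags[0] & 0x02)     # scoped PDU is encrypted
    return info


def tlv(tag, payload):
    """Encode one short-form BER element (enough for these small samples)."""
    if len(payload) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(payload)]) + payload


def sample_v2c_get():
    """Constructed SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = bytes.fromhex("2b06010201010100")
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, b"\x2a") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + pdu)


def sample_v3_authpriv():
    """Constructed SNMPv3 message with msgFlags 0x03; opaque parts zero-filled."""
    global_data = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xc0")
                      + tlv(0x04, b"\x03") + tlv(0x02, b"\x03"))
    security_params = tlv(0x04, b"\x00" * 8)    # placeholder for USM parameters
    encrypted_pdu = tlv(0x04, b"\x00" * 16)     # placeholder for ciphertext
    return tlv(0x30, tlv(0x02, b"\x03") + global_data
               + security_params + encrypted_pdu)


if __name__ == "__main__":
    for name, pkt in (("v2c", sample_v2c_get()), ("v3", sample_v3_authpriv())):
        print(name, parse_snmp_header(pkt))
```

Run against a capture from a monitoring VLAN, the same header check shows which devices still answer with a readable community string and which already use SNMPv3 with both flags set.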

What is the Internet Control Message Protocol (ICMP)?

The Internet Control Message Protocol (ICMP) is a network layer protocol used by
network devices to diagnose network communication issues. ICMP is mainly used to
determine whether or not data is reaching its intended destination in a timely manner.
Commonly, the ICMP protocol is used on network devices, such as routers. ICMP is
crucial for error reporting and testing, but it can also be used in distributed denial-of-
service (DDoS) attacks.

What is ICMP used for?

The primary purpose of ICMP is for error reporting. When two devices connect over the
Internet, the ICMP generates errors to share with the sending device in the event that
any of the data did not get to its intended destination. For example, if a packet of data is
too large for a router, the router will drop the packet and send an ICMP message back
to the original source for the data.

A secondary use of the ICMP protocol is to perform network diagnostics; the commonly
used terminal utilities traceroute and ping both operate using ICMP. The traceroute
utility is used to display the routing path between two Internet devices. The routing path
is the actual physical path of connected routers that a request must pass through before
it reaches its destination. The journey between one router and another is known as a
‘hop,’ and a traceroute also reports the time required for each hop along the way. This
can be useful for determining sources of network delay.

The ping utility is a simplified version of traceroute. A ping will test the speed of the
connection between two devices and report exactly how long it takes a packet of data to
reach its destination and come back to the sender’s device. Although ping does not
provide data about routing or hops, it is still a very useful metric for gauging
the latency between two devices. The ICMP echo-request and echo-reply messages
are commonly used for the purpose of performing a ping.

Unfortunately, network attacks can exploit this process, creating means of disruption
such as the ICMP flood attack and the ping of death attack.

How does ICMP work?

Unlike the Internet Protocol (IP), ICMP is not associated with a transport layer protocol
such as TCP or UDP. This makes ICMP a connectionless protocol: one device does not
need to open a connection with another device before sending an ICMP message.
Normal IP traffic is sent using TCP, which means any two devices that exchange data
will first carry out a TCP handshake to ensure both devices are ready to receive data.
ICMP does not open a connection in this way. The ICMP protocol also does not allow
for targeting a specific port on a device.

What is an ICMP packet?

An ICMP packet is a packet that uses the ICMP protocol. ICMP packets include an
ICMP header after a normal IP header. When a router or server needs to send an error
message, the ICMP packet body or data section always contains a copy of the IP
header of the packet that caused the error.

https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/
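
The packet layout described above (IP header, ICMP header, then a copy of the offending packet's IP header) can be checked by parsing one error message. This Python parser is an added example, not part of the original notes; it handles the "packet too large for a router" case mentioned earlier, and all addresses and the 1400-byte next-hop MTU are constructed sample values.

```python
import socket
import struct

# ICMP types that report an error about an earlier packet (IPv4).
ERROR_TYPES = {3: "destination unreachable", 5: "redirect",
               11: "time exceeded", 12: "parameter problem"}


def inet_checksum(data):
    """Internet checksum: ones' complement of the ones' complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(buf):
    """Decode the fixed 20-byte part of an IPv4 header."""
    if len(buf) < 20:
        raise ValueError("short IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {"ihl": ihl, "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}


def parse_icmp_error(packet):
    """Parse IP + ICMP and, for error types, the embedded original IP header."""
    outer = parse_ipv4_header(packet)
    if outer["proto"] != 1:
        raise ValueError("outer packet does not carry ICMP")
    icmp = packet[outer["ihl"]:outer["total_len"]]
    if len(icmp) < 8:
        raise ValueError("short ICMP header")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", icmp[:8])
    result = {"reporter": outer["src"], "type": icmp_type, "code": code,
              "kind": ERROR_TYPES.get(icmp_type),
              # Summing a valid message including its checksum field gives 0.
              "checksum_ok": inet_checksum(icmp) == 0,
              "next_hop_mtu": None, "original": None}
    if icmp_type in ERROR_TYPES:
        # The body starts with the IP header of the packet that caused the error.
        result["original"] = parse_ipv4_header(icmp[8:])
        if icmp_type == 3 and code == 4:      # fragmentation needed, DF set
            result["next_hop_mtu"] = rest & 0xFFFF
    return result


def build_ipv4(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header with DF set (helper for the sample only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def sample_frag_needed():
    """Constructed sample: router 203.0.113.1 rejects a 1500-byte TCP packet
    from 192.0.2.10 to 198.51.100.20 because its next hop takes 1400 bytes."""
    original = (build_ipv4("192.0.2.10", "198.51.100.20", 6, 1480)
                + bytes.fromhex("c350005000000001"))  # first 8 bytes of TCP
    body = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + original
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return build_ipv4("203.0.113.1", "192.0.2.10", 1, len(body)) + body


if __name__ == "__main__":
    print(parse_icmp_error(sample_frag_needed()))
```

The embedded header is what lets a receiver match the error to a flow it actually sent; an error whose embedded source and destination match no outstanding traffic deserves suspicion rather than action.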

What Is NetFlow?

NetFlow is a network protocol system created by Cisco that collects active IP network traffic
as it flows in or out of an interface. The NetFlow data is then analyzed to create a picture of
network traffic flow and volume — hence the name: NetFlow.

The NetFlow protocol is used by IT professionals as a network traffic analyzer to determine
the traffic's point of origin, destination, volume and paths on the network. Before NetFlow, network
engineers and administrators used Simple Network Management Protocol (SNMP) for
network traffic analysis and monitoring.

While SNMP was effective for network monitoring and capacity planning, it didn’t provide
detailed insight into bandwidth usage.

How Does NetFlow Work?

NetFlow follows a simple process of data collecting, sorting and analysis. The main
components include:

IP Flow

An IP flow consists of a group of packets that contain the same IP packet attributes. As a
packet is forwarded within a router or switch, it is examined for a set of attributes, including
IP source address, IP destination address, source port, destination port, Layer-3 protocol
type, class of service and router or switch interface.

NetFlow Cache

The NetFlow cache is a database of condensed information where NetFlow data is stored
once the packets have been examined.

Command Line Interface

The Command Line Interface (CLI) is one of two NetFlow connection methods to access
NetFlow data. It provides an immediate view of your network traffic and is useful for
troubleshooting.

NetFlow Collector

The second option to access NetFlow data is to export the data to a NetFlow collector. A
NetFlow collector is a reporting server that collects and processes traffic and the exported
data so that it is easy to analyze. These NetFlow collectors fall into two categories:
hardware-based collectors and software-based collectors, with software solutions being
more common than hardware devices.

https://blog.gigamon.com/2018/01/08/what-is-netflow/
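
The IP flow and cache ideas above can be shown in a few lines of Python. This is an added illustration, not Cisco's implementation and not code from the source article: packets that share the seven listed attributes are folded into one cache entry, and a collector-style summary ranks the result by volume. The class and function names and the packet records are constructed for the example.

```python
from collections import namedtuple

# The seven attributes the text lists as defining one IP flow.
FlowKey = namedtuple(
    "FlowKey", "src_ip dst_ip src_port dst_port protocol tos in_if")


class FlowCache:
    """Condensed per-flow counters, updated as each packet is examined."""

    def __init__(self):
        self.flows = {}

    def observe(self, ts, key, length):
        rec = self.flows.get(key)
        if rec is None:
            # First packet with this attribute set: open a new cache entry.
            rec = self.flows[key] = {"packets": 0, "bytes": 0,
                                     "first": ts, "last": ts}
        rec["packets"] += 1
        rec["bytes"] += length
        rec["last"] = max(rec["last"], ts)

    def export(self):
        """What a collector would receive: flow records, largest first."""
        return sorted(((k, dict(v)) for k, v in self.flows.items()),
                      key=lambda item: item[1]["bytes"], reverse=True)


def bytes_by_source(records):
    """Collector-side view: total volume attributed to each source address."""
    totals = {}
    for key, rec in records:
        totals[key.src_ip] = totals.get(key.src_ip, 0) + rec["bytes"]
    return totals


# Constructed packet records:
# (timestamp, src, dst, sport, dport, protocol, tos, input interface, length)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.80", 50000, 443, 6, 0, 1, 600),
    (0.01, "10.0.0.5", "192.0.2.80", 50000, 443, 6, 0, 1, 1500),
    (0.02, "192.0.2.80", "10.0.0.5", 443, 50000, 6, 0, 2, 1500),  # reply
    (0.03, "10.0.0.5", "192.0.2.80", 50001, 443, 6, 0, 1, 400),   # new port
    (0.05, "10.0.0.9", "192.0.2.53", 53000, 53, 17, 0, 1, 80),    # UDP
    (0.40, "10.0.0.5", "192.0.2.80", 50000, 443, 6, 0, 1, 900),
]


def run_sample():
    cache = FlowCache()
    for ts, src, dst, sport, dport, proto, tos, in_if, length in SAMPLE_PACKETS:
        cache.observe(ts, FlowKey(src, dst, sport, dport, proto, tos, in_if),
                      length)
    return cache


if __name__ == "__main__":
    for key, rec in run_sample().export():
        print(key, rec)
```

Six packets collapse into four records because the reply direction and the second source port each differ in at least one key attribute, which is the per-conversation detail that interface counters polled over SNMP cannot give.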

What is network telemetry?
A subset of telemetry, network telemetry is the collection, measurement and analysis of
data related to the behavior and performance of a network. It involves gathering
information about routers, switches, servers and applications to gain insights into how
they function and how data moves through them.
To achieve this, network telemetry employs different methods. One common approach
is network monitoring tools that capture and analyze traffic data. These tools provide
information about network bandwidth, latency, packet loss, and other performance
metrics.
Telemetry also includes protocols like SNMP (Simple Network Management Protocol) or
NetFlow that enable data collection from network devices and routers. This data can
then be processed and visualized to:

• Identify patterns
• Troubleshoot issues
• Optimize network performance

With network telemetry, you can detect and address network bottlenecks, security
threats or anomalies that might impact the network's efficiency. It’ll help you make
informed decisions, optimize network resources, and ensure a smooth and reliable
network experience for users.
The network telemetry framework has four modules. Each module has three
components for data configuration, encoding, and instrumentation. The framework uses
uniform data mechanisms and types, making it easy to manage and locate data in the
system.

Top-level modules

There are four categories of network telemetry's top-level modules:


1) The Management plane includes protocols like SNMP and syslog through which
network elements interact with a network management system (NMS). This telemetry
must address data subscription, structured data, high-speed transport and congestion
avoidance to ensure efficient automatic network operation.
2) Control plane telemetry monitors the health of different network control protocols. It
helps to detect, localize, and predict network issues. This method also allows for real-
time and detailed network optimization.
3) Forwarding plane telemetry system functions depending on the data that the
network device can provide. Ensuring that data meets the quality, quantity, and timing
standards can be challenging for devices in the network's data plane where the data
originates.
4) In external data telemetry, external events are an essential data source. They can
be detected by hardware or software. There are a few challenges in this telemetry:

• The data must meet strict timing requirements.
• Current and future devices and applications must quickly adopt the schema
external detectors use.
• Counter-measures are needed to avoid congestion.

Second-level components:

Each plane's telemetry module has five different parts.

1. Data query, analysis and storage components issue data requirements,
receive and process returned data and initiate further data queries. They can be
centralized or distributed in network devices or remote controllers.
2. Data configuration and subscription components manage data queries and
subscriptions on devices, including configuring desired data and determining
protocols and channels for data acquisition. Subscription data can be described
through models, templates, or programs.
3. Data encoding and export components control how telemetry data is sent to the
storage component. But the encoding and transport may vary based on the
export location.
4. Data generation and processing components capture, filter, and process data in
network devices from raw sources. Sometimes this is done through in-network
computing and processing on fast or slow paths.
5. Data object and source component identifies the objects being monitored and
their original data sources. Data sources provide raw data, which may require
further processing. And some sources are dynamic, while others are
static.

https://www.splunk.com/en_us/blog/learn/network-telemetry.html

OSI Model:
The open systems interconnection (OSI) model is a conceptual model created by the
International Organization for Standardization which enables diverse communication
systems to communicate using standard protocols. In plain English, the OSI provides a
standard for different computer systems to be able to communicate with each other.

The OSI Model can be seen as a universal language for computer networking. It is
based on the concept of splitting up a communication system into seven abstract layers,
each one stacked upon the last.

Physical Layer

The lowest layer of the OSI Model is concerned with electrically or optically transmitting
raw unstructured data bits across the network from the physical layer of the sending
device to the physical layer of the receiving device. It can include specifications such as
voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find
“physical” resources such as network hubs, cabling, repeaters, network adapters or
modems.

Data Link Layer

At the data link layer, directly connected nodes are used to perform node-to-node data
transfer where data is packaged into frames. The data link layer also corrects errors that
may have occurred at the physical layer.

The data link layer encompasses two sub-layers of its own. The first, media access
control (MAC), provides flow control and multiplexing for device transmissions over a
network. The second, the logical link control (LLC), provides flow and error control over
the physical medium as well as identifies line protocols.

Network Layer

The network layer is responsible for receiving frames from the data link layer, and
delivering them to their intended destinations based on the addresses contained
inside the frame. The network layer finds the destination by using logical addresses,
such as IP (internet protocol). At this layer, routers are a crucial component used to
quite literally route information where it needs to go between networks.

Transport Layer

The transport layer manages the delivery and error checking of data packets. It
regulates the size, sequencing, and ultimately the transfer of data between systems and
hosts. One of the most common examples of the transport layer is TCP or the
Transmission Control Protocol.

Session Layer

The session layer controls the conversations between different computers. A session or
connection between machines is set up, managed, and terminated at layer 5. Session
layer services also include authentication and reconnections.

Presentation Layer

The presentation layer formats or translates data for the application layer based on the
syntax or semantics that the application accepts. Because of this, it is at times also called
the syntax layer. This layer can also handle the encryption and decryption required by
the application layer.

Application Layer

At this layer, both the end user and the application layer interact directly with the
software application. This layer sees network services provided to end-user applications
such as a web browser or Office 365. The application layer identifies communication
partners, resource availability, and synchronizes communication.

https://www.forcepoint.com/cyber-edu/osi-model

TCP/IP Model:

The transmission control protocol/internet protocol (TCP/IP) model finds its origins in the
ARPANET reference model. The architecture of TCP has evolved from studies in
methods for connecting multiple packet-switched networks. The central aim of the
TCP/IP model is to enable the sending of data packets to one application on a single
computer. The TCP/IP model is an internet-capable set of protocols.

The TCP/IP model sets out how packets exchange information through the web. This
set of communication protocols determines how data is to be broken, addressed,
transferred, routed and received for sharing. The server-client model is the
communication model for this set.
The TCP/IP model describes how to construct communication lines for applications. It
also manages to divide a message into packets before it is sent across and
reassembled. IP outlines how packets are addressed and routed to make sure that the
data reaches the right destination. The current internet architecture uses this network
concept.

The TCP/IP model has four layers:

• Application Layer
• Transport Layer
• Network Layer
• Physical Layer

Application Layer

The application layer is a combination of the application, presentation, and session
layers. This layer is responsible for interaction between the user and the application.
Here, data is formatted, converted, encrypted, decrypted, and sent to the user.

Protocols used by the application layer are:

HTTP

Hypertext transfer protocol allows the users to interact with the World Wide Web
through browser applications.

SMTP

Simple mail transfer protocol is used to send mails.

FTP

File transfer protocol is used for transmitting files from one system to another.

DNS

Domain name system is the phonebook of the internet.

TELNET

Teletype network acts as a client-server protocol. It is used to provide bidirectional
connection.

Transport Layer

The transport layer is responsible for end-to-end communication and provides error-free
delivery of data. This layer can transport the data through a connection-oriented or
connectionless layer.

The two protocols used in the transport layer are user datagram protocol (UDP) and
TCP.

UDP

This protocol provides connectionless service and end-to-end delivery of transmission.
It is considered an unreliable protocol because it discovers the errors but does not
specify them.

TCP

It provides all transport services to the application layer. TCP is a dependable protocol
for error detection and retransmission. It assures that all segments must be received
and recognized before completing the transmission and discarding the virtual circuit.

Network Layer

The network layer provides host addressing and chooses the best path to the
destination network. This layer maintains the quality of service and offers
connectionless end-to-end networking.

The protocols in the network layer are:

IPv4

Internet protocol version 4 is employed for packetizing, forwarding, and delivery of
packets. IP is an unreliable datagram protocol.

ICMPv4

Internet control message protocol controls all errors. These errors are handled
by the ICMP protocol during the delivery of the message to the target.

IGMP

Internet group management protocol helps in multicasting.

Physical Layer

The physical layer interacts with the top level of the TCP/IP model application. This
layer is the nearest end-user TCP/IP layer. It means that the consumers can connect
with other software apps.

https://intellipaat.com/blog/what-is-tcp-ip-model/

IP addressing
An Internet Protocol (IP) address is a unique identifier that assists in the recognition of different devices
present over the network. Through IP addressing, we can send and receive data
packets across the internet without trouble.

IP format
An IP address is a 32-bit numerical address separated by periods (.) represented in
dotted decimal notation. It is expressed in a set of four pairs, where each set ranges
from 0 to 255. Slash notation (/) identifies the number of network bits reserved
for the allocated IP address.

The parts of an IP address

The IP address has two parts: the network address and the host address. The
network address is essential for the recognition of the network. In the host address part,
we always reserve the first address for the network address, and the last address for
the broadcast address. The broadcast address transmits data to all the hosts present
in the network at once.

Subnetting
Subnetting is a process of partitioning a complex network into multiple smaller logical
sub-networks, or subnets.

Subnet masks
A subnet mask is a 32-bit number that divides the existing IP into network and host
addresses.

Example

To find the subnet mask of a particular IP address, let's set all network bits to 1s and
the host bits to 0s. The given IP address has 24 bits reserved as a network address.
So, its default subnet mask is 255.255.255.0.
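
The rule in this example (network bits set to 1s, host bits set to 0s) can be carried through with plain bit operations. The Python below is an added example, not part of the original notes: it derives the mask, network address and broadcast address from slash notation and then partitions a network into smaller subnets. The address 192.168.10.77 is a constructed sample, and the function names are chosen for the example.

```python
def to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has four parts")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("each part ranges from 0 to 255")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """Network bits set to 1s, host bits set to 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(cidr):
    """Split an address in slash notation into its network and host parts."""
    addr, _, bits = cidr.partition("/")
    prefix = int(bits)
    mask = prefix_to_mask(prefix)
    network = to_int(addr) & mask                 # first address in the range
    broadcast = network | (~mask & 0xFFFFFFFF)    # last address in the range
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        # First and last addresses are reserved, as described above.
        "usable_hosts": max((1 << (32 - prefix)) - 2, 0),
    }


def split(cidr, new_prefix):
    """Partition a network into equal subnets with a longer prefix."""
    addr, _, bits = cidr.partition("/")
    prefix = int(bits)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    base = to_int(addr) & prefix_to_mask(prefix)
    step = 1 << (32 - new_prefix)                 # addresses per subnet
    count = 1 << (new_prefix - prefix)            # number of subnets
    return ["%s/%d" % (to_dotted(base + i * step), new_prefix)
            for i in range(count)]


if __name__ == "__main__":
    print(describe("192.168.10.77/24"))
    for subnet in split("192.168.10.0/24", 26):
        print(subnet, describe(subnet))
```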

Note: The IP address space for a network is globally allocated by the Internet
Assigned Numbers Authority (IANA). The network administrator is responsible for
managing the IP addresses within the allocated address space.

The importance of subnetting

As networks grow larger and more complex day by day, traffic also requires fast and
efficient routes. Subnetting provides a mechanism named route aggregation that
limits the size of the routing table that each router has to maintain. This not only helps
maintain efficient network speed, but also enhances performance.

https://www.educative.io/answers/what-is-ip-addressing-and-subnetting

Basics of DNS and AD:
Domain Name System (DNS) is a name resolution method that is used to resolve
hostnames to IP addresses. It is used on TCP/IP networks and across the internet. DNS
is a namespace. Active Directory is built on DNS. The DNS namespace is used
internet-wide while the Active Directory namespace is used across a private network. The
reason behind the choice of DNS is that it is highly scalable and it is an internet
standard.

In the case of Active Directory, DNS maintains a database of services that are running
on that network. The list of services running is maintained in the form of service records
(SRV). Service records allow a client in an Active Directory environment to locate any
service it needs such as a printer. These SRV records are also used to identify the domain
controllers.

A single DNS server cannot help in resolving a resource record. Several DNS servers
are used in the process. Each DNS server queries its own database to find an address
corresponding to a record. If the requested information is not available, then it forwards
the query to another DNS server. For example, a name resolution may first query an
Internet root server, then the first-level domain server, and then the second-level
domain server, and so on to resolve the name to its associated address.

Every time the computer’s IP address changes, making manual entries into the DNS
database is time-consuming and might result in some entries being left out. Hence
Dynamic DNS is required to make these updates automatic. Any newly installed server
can also automatically register its IP address and SRV records with the DNS server.
Active Directory supports such Dynamic updates to be made.

AD depends on DNS for name resolution and locating resources on a network. DNS
has a database that maintains resource records, which helps identify various servers,
domains, and services on the network.

https://www.windows-active-directory.com/dns-and-active-directory.html

NMS Architecture
NMS Tools & subsequent understanding of them:
1. SolarWinds
2. Kiwi Syslog

SolarWinds
SolarWinds offers a tool known as the SolarWinds Network Performance Monitor
(NPM). Here's an overview of its features, uses, and operations:
Overview:
Name: SolarWinds Network Performance Monitor (NPM).
Purpose: NPM is designed to monitor and manage the performance of networks and
network devices.
Key Features:
• Network Monitoring: Monitors the performance of routers, switches, servers, and other
network devices in real-time.
• Alerting: Provides customizable alerts based on predefined thresholds, notifying
administrators of potential issues.
• Traffic Analysis: Analyzes network traffic patterns to identify bandwidth usage and
troubleshoot performance bottlenecks.
• Fault Detection: Detects and alerts on network faults or failures.
• Performance Metrics: Collects and displays performance metrics for devices
and interfaces.
Uses:
• Network Troubleshooting: Helps identify and resolve network issues promptly.
• Capacity Planning: Assists in planning and optimizing network capacity based on
historical performance data.
• Security Monitoring: Monitors network activity for potential security threats.
• Performance Optimization: Provides insights into performance bottlenecks and
areas for improvement.
Operations:
• Configuration: Requires initial setup by adding devices to be monitored.
• Dashboard: Offers a centralized dashboard for an overview of network health.
• Alert Configuration: Allows users to customize alerts based on specific criteria.
• Reporting: Generates reports on network performance, usage, and availability.

SolarWinds NPM is a comprehensive tool for IT professionals to ensure the reliability
and efficiency of their network infrastructure. It is part of the broader suite of
SolarWinds products aimed at network and systems management.

Kiwi Syslog:

Kiwi Syslog Server, developed by SolarWinds, is a network management tool designed
for receiving, logging, displaying, and forwarding syslog messages and SNMP traps.
Here's an overview of its features, uses, and operations:
Overview:
Name: Kiwi Syslog Server.
Purpose: Kiwi Syslog Server is used for centralized management of syslog messages
and SNMP traps.

Key Features:
• Syslog Management: Collects and stores syslog messages generated by network
devices, servers, and applications.
• SNMP Trap Handling: Receives and processes SNMP traps for monitoring network events.
• Log Forwarding: Forwards syslog messages and SNMP traps to other systems or devices.
• Alerting: Allows for setting up alerts and notifications based on syslog message content.
• Log Filtering: Permits the filtering of syslog messages based on content or severity.
Uses:
• Centralized Logging: Provides a central repository for syslog messages, aiding in
troubleshooting and analysis.
• Compliance: Assists in meeting regulatory compliance requirements by logging and
storing critical events.
• Alerting and Notification: Notifies administrators of specific events through
customizable alerts.
• Integration: Integrates with other SolarWinds products and third-party tools.
Operations:
• Configuration: Involves setting up the server to receive and process syslog messages
and SNMP traps.
• Filtering Rules: Establishing rules for filtering and categorizing incoming logs.
• Alert Setup: Defining criteria for generating alerts based on syslog content.
• Log Analysis: Using the interface to analyze and search through logs for
troubleshooting or compliance purposes.

Kiwi Syslog Server is a valuable tool for managing log data in a networked environment,
providing administrators with the means to efficiently handle and analyze syslog
messages and SNMP traps from various sources.

System Configuration and Understanding

Node Addition / Deletion / Modification Learning:

In SolarWinds, adding, deleting, and modifying nodes involves interacting with the
management interface. Here's a brief overview of these actions:
Adding a Node:
Procedure:
Log in to the SolarWinds NPM web console.
Navigate to the "Settings" menu.
Under "Manage Nodes," select "Add Node."
Enter the necessary information for the new node, including IP address, community
string (for SNMP), and other details.
Follow the wizard to complete the node addition process.
Purpose:
Adding a node allows NPM to start monitoring the device, collecting performance data
and generating alerts.
Deleting a Node:
Procedure:
In the NPM web console, go to the "Manage Nodes" page.
Select the node you want to remove.
Click on "Delete" or a similar action to remove the node from monitoring.
Purpose:
Deleting a node is useful when a device is decommissioned or no longer part of the
network, ensuring that NPM focuses on active devices.
Modifying a Node:
Procedure:
Navigate to the "Manage Nodes" page in the SolarWinds console.
Select the node you want to modify.
Choose the "Edit Properties" or a similar option.
Update the necessary information (e.g., SNMP settings, polling intervals).
Purpose:
Modifying a node is beneficial when there are changes to the device configuration or if
you need to adjust monitoring settings.

These actions are typically performed by network administrators to maintain an
accurate and up-to-date representation of the network in the SolarWinds NPM system.
Always exercise caution when deleting nodes to avoid unintentional data loss or
disruption in monitoring.

Parent Child Mapping and Importance:

In SolarWinds Network Performance Monitor (NPM), creating parent-child mapping
involves defining relationships between devices to establish dependencies. Here's a
basic guide on how to do this:
Steps to Create Parent-Child Mapping in SolarWinds NPM:
>Log In:
Log in to the SolarWinds NPM web console using your credentials.
>Access the Network Atlas:
Navigate to the "Network Atlas" from the SolarWinds NPM console. The Network Atlas
is the tool used for designing and customizing network maps.
>Open or Create a Map:
Open an existing map or create a new one where you want to define parent-child
relationships.
>Add Devices to the Map:
Drag and drop the devices you want to include in the mapping onto the Network Atlas.
Ensure that the devices are already added to SolarWinds NPM for monitoring.
>Establish Parent-Child Relationships:
Select a device on the map that you want to set as the parent.
Right-click on the device, and choose "Connect To" or a similar option.
Connect the device to its dependent child devices. This creates visual links on the map.
>Configure Dependency Types:
Customize the parent-child relationships by configuring dependency types. For
example, you might set up a "Network Dependency" or a "Child Depends on Parent"
relationship.
>Save and Apply Changes:
Save the changes you made to the map.
>View Parent-Child Relationships:
Navigate back to the main SolarWinds NPM console and view the created parent-child
relationships. You can often see these relationships in the "Manage Nodes" section or
within specific device details.

Importance of Parent Child Mapping:

# Network Discovery:
Before creating parent-child relationships, ensure that all relevant devices are
discovered and added to SolarWinds NPM for monitoring.
# Custom Properties:
Leverage custom properties in SolarWinds NPM to add specific information that might
aid in creating more meaningful parent-child relationships.
# Alerting Configuration:
Review and configure alerting settings to ensure that alerts appropriately reflect
parent-child dependencies.
By following these steps, you can visually represent and establish parent-child
relationships in Solar Winds NPM, enhancing your ability to monitor and manage
network dependencies effectively. In Solar Winds Network Performance Monitor (NPM),
parent-child mapping refers to the relationship between network devices, where one
device is considered the parent of another. Understanding and correctly configuring
parent-child relationships is crucial for effective network monitoring. Here's the
importance of parent-child mapping in Solar Winds NPM:
 Dependency Awareness:
Importance: Parent-child relationships help establish dependencies between devices.
For example, a router might be the parent of switches connected to it. If the router
experiences issues, Solar Winds NPM can intelligently understand that the connected
switches might be affected as well.
 Topological View:
Importance: Parent-child mapping contributes to the creation of a topological view of the
network. This visual representation aids administrators in quickly understanding the
structure and interconnections of devices.

 Alerting and Notifications:


Importance: When a parent device encounters problems, Solar Winds NPM can
generate alerts not only for the parent but also for its dependent child devices. This
ensures that administrators are promptly notified of issues that may impact multiple
components.
 Efficient Troubleshooting:
Importance: Parent-child relationships streamline troubleshooting. When an alert is
triggered for a parent device, administrators can focus their efforts on the root cause
and understand the potential downstream impact on child devices.
 Performance Roll-Up:
Importance: Solar Winds NPM can aggregate performance data from child devices to
provide a holistic view at the parent level. This roll-up view helps in assessing the
overall health and performance of critical components in the network.
 Optimized Resource Utilization:
Importance: By understanding parent-child relationships, Solar Winds NPM optimizes
resource utilization. It avoids unnecessary polling of child devices when issues are
identified at the parent level, reducing network traffic and resource consumption.
 Improved Reporting:
Importance: Reporting becomes more meaningful with parent-child mapping. Reports
can be generated at different levels, allowing for granular insights into specific devices
or a broader overview of interconnected segments.

In summary, parent-child mapping in Solar Winds NPM is fundamental for creating a
dynamic and responsive monitoring environment. It enhances the system's ability to
provide accurate alerts, efficient troubleshooting, and a comprehensive understanding
of network dependencies.
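The root-cause and downstream-impact reasoning described above can be shown in a few lines. This is an added example, not Solar Winds code: the device names, the `PARENT` map and the function names are constructed for illustration.

```python
# Constructed sample topology: child -> parent (None marks the top of the tree).
PARENT = {
    "core-rtr-01": None,
    "dist-sw-01": "core-rtr-01",
    "dist-sw-02": "core-rtr-01",
    "acc-sw-11": "dist-sw-01",
    "acc-sw-12": "dist-sw-01",
    "acc-sw-21": "dist-sw-02",
}


def ancestors(node, parent):
    """Return the parents of node, nearest first; reject dependency loops."""
    chain, seen = [], {node}
    current = parent[node]
    while current is not None:
        if current in seen:
            raise ValueError(f"dependency loop through {current!r}")
        seen.add(current)
        chain.append(current)
        current = parent[current]
    return chain


def descendants(root, parent):
    """Return every node whose ancestor chain contains root, sorted."""
    return sorted(n for n in parent if root in ancestors(n, parent))


def triage(failed, parent):
    """Map each root cause to its failed children and all nodes below it.

    A failed node is a root cause only if none of its ancestors failed;
    otherwise it is filed under its topmost failed ancestor.
    """
    failed = set(failed)
    unknown = failed - parent.keys()
    if unknown:
        raise KeyError(f"not in dependency map: {sorted(unknown)}")
    report = {}
    for node in sorted(failed):
        failed_above = [a for a in ancestors(node, parent) if a in failed]
        root = failed_above[-1] if failed_above else node
        entry = report.setdefault(
            root, {"symptoms": [], "downstream": descendants(root, parent)}
        )
        if node != root:
            entry["symptoms"].append(node)
    return report


if __name__ == "__main__":
    # Constructed poll result: one distribution switch and three access switches.
    polled_down = {"dist-sw-01", "acc-sw-11", "acc-sw-12", "acc-sw-21"}
    for root, info in triage(polled_down, PARENT).items():
        print(root, info)
```

In the sample poll, `acc-sw-21` is reported as its own root cause because its parent `dist-sw-02` is still up, while the two switches under `dist-sw-01` are grouped as symptoms of that one failure.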

Custom View Creation and Purpose


Creating custom views in Solar Winds Network Performance Monitor (NPM) allows you
to tailor the monitoring interface to your specific needs. Custom views help organize and
present information in a way that is most relevant to your network management tasks.
Here's how you can create custom views and their purposes:
Steps to Create Custom Views in Solar Winds NPM:

1. Log In:
Log in to the Solar Winds NPM web console using your credentials.
2. Navigate to Views:
Go to the "Views" section, which is typically accessible from the main menu.
3. Create a New View:
Look for an option like "Manage Views" or "Create New View."
Choose to create a new view and provide a name for it.
4. Select Resources:
Add resources to your custom view based on the specific elements you want to
monitor. Resources can include charts, tables, graphs, and other widgets that display
relevant network data.
5. Arrange and Customize:
Arrange the added resources on the view in a way that makes sense for your monitoring
needs. Customize the appearance and layout of the view to suit your preferences.
6. Save the Custom View:
Save the custom view once you've configured it according to your requirements.
Purposes of Custom Views in Solar Winds NPM:

1. *Specialized Monitoring:*
Purpose: Custom views allow you to focus on specific aspects of your network. For
example, you can create a view dedicated to bandwidth usage, system performance, or
security events.
2. *Role-Based Views:*
Purpose: Tailor views for different roles within your IT team. Network administrators
might have a comprehensive view, while support staff might have a more simplified
dashboard.
3. *Geographical Views:*
Purpose: Create custom maps that display the geographical distribution of your network
devices. This is particularly useful for organizations with a distributed infrastructure.

4. *Device Type Views:*
Purpose: Group devices based on type (e.g., routers, switches) and create views
specific to each type. This can simplify monitoring for specific device categories.
5. *Critical Infrastructure Views:*
Purpose: Highlight critical components or nodes in your network. Create views that
emphasize the performance and status of key devices.
6. *Historical Performance Views:*
Purpose: Design views focused on historical performance trends. This is helpful for
analyzing long-term patterns and making informed decisions about capacity planning
and optimization.
7. *Integration Views:*
Purpose: Integrate information from other Solar Winds modules or external systems into
a single view. This can provide a holistic overview of IT operations.
Custom views in Solar Winds NPM empower you to streamline your monitoring
experience, making it more efficient and tailored to your specific operational
requirements. They enhance the flexibility and usability of the network management
platform.
Work Chat Alerts Creation and Hands on:
Creating work chat alerts in Solar Winds Network Performance Monitor (NPM) involves
configuring alerts to be sent to collaboration platforms such as Microsoft Teams or
Slack. The process typically involves setting up an alert action to send notifications to
your preferred work chat platform. Below are general steps; however, the exact
procedure may vary based on your Solar Winds NPM version and the specific chat
platform you're using:
Steps to Create Work Chat Alerts in Solar Winds NPM:

1. *Log In:*
Log in to the Solar Winds NPM web console using your credentials.
2. *Navigate to Alerts:*
Go to the "Alerts" section, which is often located in the main menu.

3. *Create or Edit an Alert:*
Either create a new alert or edit an existing one to add a work chat notification.
4. *Configure Trigger Conditions:*
Define the conditions that trigger the alert. For example, you might set thresholds for
bandwidth usage, response time, or device status.
5. *Define Actions:*
Look for the section where you can add alert actions. Add a new action for sending
notifications.
6. *Select Work Chat Action:*
Choose the type of action that sends notifications to your work chat platform. It might be
labeled as "Send a Message" or similar.
7. *Configure Chat Platform Details:*
Enter the details required to connect Solar Winds NPM to your work chat platform. This
typically includes the webhook URL or other integration details.
8. *Define Message Content:*
Specify the content of the message that will be sent to the work chat. You can include
information about the triggered alert, device details, and other relevant data.
9. *Test the Alert Action:*
Many Solar Winds versions allow you to test alert actions. Use this feature to ensure
that notifications are successfully sent to your work chat platform.
10. *Save the Alert Configuration:*
Save the configured alert, making sure to apply any changes.

Hands-On Example for Microsoft Teams:


Choose Teams as the Alert Action:
- In the Solar Winds NPM alert configuration, select "Microsoft Teams" or a similar
option as the alert action.
Get Teams Webhook URL:
- In Microsoft Teams, create an incoming webhook for your channel. Copy the
generated webhook URL.
Configure Solar Winds Alert Action:
- Paste the Teams webhook URL into the Solar Winds NPM alert action configuration.
Define Message Content:
- Specify the content of the message to be sent to Teams. You can use variables to
include dynamic information from the triggered alert.
Test the Alert Action:
- Use the test feature to confirm that alerts are being sent to your Microsoft Teams
channel.
Save and Apply:
- Save the alert configuration.
By following these steps, you can integrate Solar Winds NPM with your work chat
platform, enhancing real-time communication and collaboration for network monitoring
alerts. Please refer to your specific Solar Winds NPM documentation for accurate and
detailed instructions based on your version.
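What the alert action ultimately sends is an HTTPS POST to the webhook URL. The following added example (not Solar Winds code) builds and posts such a message, treating the webhook URL as a credential and escaping device-supplied text. The alert field names, the `example.invalid` URL and the `{"text": ...}` body shape are assumptions.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Constructed sample alert; the field names are assumptions for this example.
SAMPLE_ALERT = {
    "alert_name": "Node is down",
    "node": "dist-sw-01 [rack *B*]",
    "ip": "192.0.2.10",
    "severity": "Critical",
}


def md_escape(value):
    """Flatten newlines and backslash-escape Markdown characters so a device
    caption cannot restyle the message or inject a link."""
    flat = " ".join(str(value).split())
    return re.sub(r"([\\`*_\[\]()<>#|~])", r"\\\1", flat)


def build_payload(alert):
    """Return the JSON body for the webhook (assumed shape: {"text": ...})."""
    lines = [
        f"**{md_escape(alert['severity'])}: {md_escape(alert['alert_name'])}**",
        f"Node: {md_escape(alert['node'])}",
        f"IP: {md_escape(alert['ip'])}",
    ]
    return {"text": "\n\n".join(lines)}


def redact(url):
    """Keep scheme and host only: the path of a webhook URL is the secret."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/<redacted>"


def send(url, payload, opener=urllib.request.urlopen):
    """POST the payload; refuse plain HTTP and never echo the full URL."""
    if urlsplit(url).scheme != "https":
        raise ValueError(f"webhook must use https: {redact(url)}")
    request = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener(request, timeout=10) as response:
            return response.status
    except OSError as exc:  # URLError and HTTPError derive from OSError
        raise RuntimeError(f"POST to {redact(url)} failed: {exc}") from None
```

The `opener` parameter exists so the function can be exercised without network access; in normal use it is left at its default.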

NHV, ART & Analytics Integration


Custom properties and their importance:
Custom properties are user-defined fields that you can associate with monitored
network objects in Solar Winds Orion Platform. They allow you to store additional
information about your network devices, which can be used to create custom alerts,
reports, views, and groups.
Here are some of the benefits of using custom properties in Solar Winds Orion Platform:
Improved visibility into your network:
Custom properties can help you to track and organize information about your network
devices that is not captured by default properties. This can give you a more complete
picture of your network health and performance.
More effective alerting:
Custom properties can be used to create custom alerts that are more specific to your
network environment and needs. This can help you to reduce the noise from false
positives and ensure that you are alerted to the most critical issues.
More customized reporting:
Custom properties can be used to create custom reports that provide you with the
information you need to make informed decisions about your network. This can help you
to identify trends, track progress, and optimize your network performance.
More efficient grouping:
Custom properties can be used to create custom groups that allow you to organize your
network devices in a way that makes sense for you. This can help you to quickly find the
information you need and make changes to your network more efficiently.
Here are some examples of how custom properties can be used in Solar Winds Orion
Platform:
Track the location of network devices:
You can create a custom property called "Location" and then assign a value to each
device that indicates its physical location. This information can be used to create
custom reports and views that show you the distribution of your network devices across
your organization.
Track the warranty expiration date of network devices:
You can create a custom property called "Warranty Expiration Date" and then assign a
value to each device that indicates the date on which its warranty expires. This
information can be used to create custom alerts that notify you when devices are
nearing the end of their warranty period.
Track the software version of network devices:
You can create a custom property called "Software Version" and then assign a value to
each device that indicates the version of its operating system or other software. This
information can be used to create custom reports that show you the distribution of
software versions across your network.
Track the criticality of network devices:
You can create a custom property called "Criticality" and then assign a value to each
device that indicates its importance to your network. This information can be used to
create custom alerts that notify you when critical devices are experiencing problems.
Overall, custom properties are a powerful tool that can be used to improve your visibility
into your network, create more effective alerts and reports, and group your network
devices more efficiently.

Here are some additional resources that you may find helpful:
Solar Winds Orion Platform Custom Properties Documentation:
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-creating-custom-properties-sw1391.htm
Using Custom Properties to Create Custom Alerts in Solar Winds Orion Platform:
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-use-a-custom-property-in-alerts-sw1100.htm
Using Custom Properties to Create Custom Reports in Solar Winds Orion Platform:
https://support.solarwinds.com/SuccessCenter/s/article/Create-a-report-on-custom-properties-for-all-nodes
Using Custom Properties to Create Custom Groups in Solar Winds Orion Platform:
https://thwack.solarwinds.com/resources/thwack-command-center/f/forum/35558/how-to-use-group-custom-properties-for-creating-a-group
Solar Winds Orion Platform Community:
https://thwack.solarwinds.com/

NHV, Analytics reports & Manual reports. Integration with ART:

Integrating NHV analytics reports and manual reports with ART networking can provide
several benefits, including:
Improved network visibility:
By combining data from multiple sources, ART networking can provide a more
comprehensive view of the network, making it easier to identify and troubleshoot
problems. This can help to improve network performance and reduce downtime.
Enhanced reporting and analysis:
ART networking can utilize the data from NHV analytics reports and manual reports to
generate more comprehensive and insightful reports. This can help network
administrators to better understand network performance, identify trends, and make
informed decisions about network management.
Improved decision-making:
By providing a more comprehensive view of the network and the ability to generate
more insightful reports, ART networking can help network administrators make better
decisions about how to manage their networks. This can lead to improved network
performance, reduced costs, and increased agility.
Streamlined network management:
Integrating NHV analytics reports and manual reports with ART networking can
streamline network management tasks. For example, network administrators can use
the integrated data to automate tasks such as report generation and alerting. This can
free up time for network administrators to focus on more strategic tasks.
Unified view of network performance:
Integrating NHV analytics reports and manual reports with ART networking can provide
a unified view of network performance. This can help network administrators to identify
and troubleshoot problems more quickly and effectively.
Here are some specific examples of how NHV analytics reports and manual reports can
be integrated with ART networking:
NHV analytics reports can be used to provide real-time insights into network
performance. This data can be integrated with ART networking to provide real-time
alerts and notifications when problems are detected.
Manual reports can be used to document network changes and configurations. This
data can be integrated with ART networking to provide a historical record of network
changes and configurations.
NHV analytics reports and manual reports can be used to generate custom reports and
dashboards. This can provide network administrators with the information they need to
make informed decisions about network management.
ART networking can use the data from NHV analytics reports and manual reports to
identify and troubleshoot network problems. For example, ART networking can use the
data to identify patterns in network traffic that may indicate a problem.
ART networking can use the data from NHV analytics reports and manual reports to
optimize network performance. For example, ART networking can use the data to
identify bottlenecks in the network and recommend changes to improve performance.
Overall, integrating NHV analytics reports and manual reports with ART networking can
provide a number of benefits for networking organizations. This can help to improve
network visibility, enhance reporting and analysis, improve decision-making, streamline
network management tasks, and provide a unified view of network performance.

Here are some additional resources that you may find helpful:
ART Networking documentation:
https://www.youtube.com/watch?v=D443jxbpluU
NHV analytics reports documentation:
https://www.ni.com/docs/en-US/bundle/teststand/page/xml-reports.html
Manual reports documentation:
https://learn.microsoft.com/en-us/sql/reporting-services/report-design/reports-report-parts-and-report-definitions-report-builder-and-ssrs?view=sql-server-ver16

Hands on Custom Properties Creation:

Creating custom properties in Solar Winds Orion Platform is a straightforward process
that allows you to store additional information about your network devices and use it for
various purposes, such as creating custom alerts, reports, and views. Here's a
step-by-step guide on how to create custom properties in Solar Winds Orion Platform:
Prerequisites:
1. Ensure you have access to the Solar Winds Orion Platform web console with
administrative privileges.
2. Familiarize yourself with the basic concepts of custom properties and their potential
applications in Solar Winds Orion Platform.
Steps:
1. Access the Manage Custom Properties Page:
- Navigate to the Settings menu in the top navigation bar.
- Select "All Settings" from the drop-down menu.
- Under the Node & Group Management heading, click on "Manage Custom
Properties."
2. Create a New Custom Property:
- Click on the "Add Custom Property" button located at the top of the page.
- Select the object type for the custom property. This determines which objects in the
Orion database will be able to have this property associated with them.
- Options include: Node, Volume, Virtual Machine, Virtual Host, Virtual Datastore,
and Interface.

3. Define the Custom Property:
- Enter a unique and descriptive name for the custom property. This name should
clearly indicate the purpose of the property.
- Select the data type for the property value. This determines the type of information
that can be stored in the property.
- Options include: Text, Integer, Float, and Boolean.
- Provide a default value for the property. This is the value that will be assigned to the
property for new objects unless explicitly specified otherwise.
- Click on the "Next" button to proceed.

4. Assign Values to Entities and Existing Custom Properties:
- Select the entities (nodes, volumes, etc.) or existing custom properties to which you
want to assign the newly created custom property.
- For each selected entity or property, specify the value of the custom property.
- Click on the "Assign Values" button to apply the property values to the selected
entities or properties.

5. Verify Custom Property Creation:
- Navigate to the "Manage Custom Properties" page again.
- Verify that the newly created custom property is listed under the appropriate object
type.
- Click on the property name to view its details, including its data type, default value,
and assigned values.
Remember that custom properties can be used in various ways to enhance the
management and monitoring of your network devices in Solar Winds Orion Platform.
You can create custom alerts based on property values, generate reports that include
custom property data, and organize your network objects based on custom property
values.
