The system has three-tier architecture: the information is collected by monitoring agents (either our own high-performance agents or SNMP agents) and delivered to monitoring server for processing and storage. Network administrator can access collected data using cross-platform Management Console, Web Interface or Management Console for Android.
All network infrastructure monitored by NetXMS inside monitoring system represented as a set of objects. Each object represents one physical or logical entity (like host or network interface), or group of them. Objects are organized into hierarchical structure. Each object has it’s own access rights. Access rights are applied hierarchically on all children of object. For example if it grant Read access right for user on a Container, than user have Read right on all objects that contains this Container. Every object has set of attributes; some of them are common (like id and name or status), while other depends on object class – for example, only Node objects have attribute SNMP community string. There are default attributes and custom attributes defined either by user or integrated application via NetXMS API.
NetXMS has eight top level objects –
Network Map Root,
Report Root, and
Business Service Root. These objects served as an
abstract root for appropriate object tree. All top level objects has only one
editable attribute – name.
|Object Class||Description||Valid Child Objects|
|Entire Network||Abstract object representing root of IP topology tree. All zone and subnet objects located under it. System can have only one object of this class.||
|Zone||Object representing group of (usually interconnected) IP networks without overlapping addresses. Contains appropriate subnet objects.||
|Subnet||Object representing IP subnet. Typically objects of this class created automatically by the system to reflect system’s knowledge of IP topology. The system places Node objects inside an appropriate Subnet object based on an interface configuration. Subnet objects have only one editable attribute - Name.||
|Node||Object representing physical host or network device(such as routers and switches). These objects can be created either manually by administrator or automatically during network discovery process. They have a lot of attributes controlling all aspects of interaction between NetXMS server and managed node. For example, the attributes specify what data must be collected, how node status must be checked, which protocol versions to use etc. Node objects contain one or more interface objects. The system creates interface objects automatically during configuration polls.||
|Cluster||Object representing cluster consisted of two or more hosts.||
|Interface||Interface objects represent network interfaces of managed computers and devices. These objects created automatically by the system during configuration polls or can be created manually by user.|
|Network Service||Object representing network service running on a node (like http or ssh), which is accessible online (via TCP IP). Network Service objects are always created manually. Currently, the system works with the following protocols - HTTP, POP3, SMTP, Telnet, SSH and Custom protocol type.|
|VPN Connector||Object representing VPN tunnel endpoint. Such objects can be created to add VPN tunnels to network topology known y NetXMS server. VPN Connector objects are created manually. In case if there is a VPN connection linking two different networks open between two firewalls that are added to the system as objects, a user can create a VPN Connector object on each of the firewall objects and link one to another. The network topology will now show that those two networks are connected and the system will take this condition into account during problem analysis and event correlation.|
|Service Root||Abstract object representing root of your infrastructure service tree. System can have only one object of this class.||
|Container||Grouping object which can contain nodes, subnets, clusters, conditions, or other containers. With help of container objects you can build object’s tree which represents logical hierarchy of IT services in your organization.||
|Condition||Object representing complicated condition – like “cpu on node1 is overloaded and node2 is down for more than 10 minutes”. Conditions may represent more complicated status checks because each condition can have a script attached. Interval for evaluation of condition status is configured in Server Configuration Variables as ConditionPollingInterval with default value 60 seconds.|
|Template Root||Abstract object representing root of your template tree.||
|Template Group||Grouping object which can contain templates or other template groups.||
|Template||Data collection template. See Data Collection section for more information about templates.||
|Network Map Root||Abstract object representing root of your network map tree.||
|Network Map Group||Grouping object which can contain network maps or other network map groups.||
|Network Map||Network map.|
|Dashboard Root||Abstract object representing root of your dashboard tree.||
|Dashboard||Dashboard. Can contain other dashboards.||
|Business Service Root||Abstract object representing root of your business service tree. System can have only one object of this class.||
|Business Service||Object representing single business service. Can contain other business services, node links, or service checks.||
|Node Link||Link between node object and business service. Used to simplify creation of node-related service checks.||
|Service Check||Object used to check business service state. One business service can contain multiple checks.|
|Rack||Object representing rack(works like container)||
Each object has a status. Status of the object calculated based on polling results, status of underlying objects, associated alarms and status DCIs. For some object classes, like Report or Template, status is irrelevant. Status for such objects is always Normal. Object’s status can be one of the following:
|0||Normal||Object is in normal state.|
|1||Warning||Warning(s) exist for the object.|
|2||Minor||Minor problem(s) exist for the object.|
|3||Major||Major problem(s) exist for the object.|
|4||Critical||Critical problem(s) exist for the object.|
|5||Unknown||Object’s status is unknown to the management server.|
|6||Unmanaged||Object is set to “unmanaged” state.|
|7||Disabled||Object is administratively disabled (only applicable to interface objects).|
|8||Testing||Object is in testing state (only applicable to interface objects).|
Objects can be unmanaged. In this status object is not polled, DCIs are not collected, no data is updated about object. This status can be used to store data about object that temporrary or at permonently unavailabe or not managed.
This is special status, because it is not included in usual status lit. This status prevents event processing for special node. While this status node is still polled and DCI data is still collected, but no event is generated.
NetXMS is event based monitoring system. Events can come from different sources (polling processes (status, configuration, discovery, and data collection), SNMP traps, and directly from external applications via client library.) and all are forwarded to NetXMS Event Queue. All events are processed by NetXMS Event Processor one-by-one, according to the processing rules defined in Event Processing Policy. As a result of event processing, preconfigured actions can be executed, and/or event can be shown up as alarm.
Usually alarm represents something that needs attention of network administrators or network control center operators, for example low free disk space on a server. NetXMS provides one centralized location, the Alarm Browser, where the alarms are visible. It can be configured which events should be considered important enough to show up as alarm.
For some type of objects NetXMS server start gathering status and configuration information as soon as they are added to the system. These object types are: nodes, conditions, clusters, business services. This process called polling. There are multiple polling types, usually performed with different intervals:
|Status||Determine current status of an object|
|Configuration||Determine current configuration of an object (list of interfaces, supported protocols, etc.)|
|Topology||Gather information related to network topology|
|Discovery||Find potential new nodes during network discovery cycles|
|Routing||Gather information about IP routing|
|Instance Discovery||Verify all DCIs created by instance discovery process|
|Network Discovery||Searches for new nodes|
From each node NetXMS can collect one or more metrics which can be either single-value (“CPU.Usage”), or table (“FileSystem.Volumes”). When new data sample is collected, it’s value is checked against configured thresholds. This documentation use term Data Collection Item to describe configuration of metric collection schedule, retention, and thresholds.
Metrics can be collected from multiple data sources:
|Internal||Metrics internal to the server (server statistics, etc.)|
|NetXMS Agent||Data is collected from NetXMS agent, which should be installed on target node. Server collect data from agent based on schedule.|
|SNMP||SNMP transport will be used. Server collect data based on schedule.|
|Push||Values are pushed by external system (using nxpush or API).|
|Windows Performance counters|
|Check Point SNMP|
|Script||Value is generated by NXSL script. Script should be stored in Script Library.|
NetXMS can detect new devices and servers on the network and automatically create node objects for them. Two modes are available – passive and active.
In passive mode server will use only non-intrusive methods by querying ATP and routing tables from known devices. Tables from the server running NetXMS are used as seed for passive discovery.
In active mode server will periodically scan configured address ranges using ICMP echo requests in addition to passive scan methods.
All communications are encrypted using either AES-256, AES-128, or Blowfish and authenticated. As additional security measure, administrator can restrict list of allowed ciphers.
Agent authenticate incoming connections using IP white list and optional preshared key.
User passwords (if internal database is used) as hashed with salt with SHA-256.
All shared secrets and passwords stored in the system can be obfuscated to prevent snooping.