The SNMP protocol defines three basic components: managed devices, agents and network-management systems (NMS). A managed device could be a network camera with an embedded agent that collects information from the device and sends it to the NMS via SNMP. The NMS is the interface to the user, providing a dashboard on the current status of the managed devices. It can also be programmed to alert you when thresholds have been reached, which would serve as an early warning that something was trending in the wrong direction.
Read, trap and probe to a healthier security network
Information from a managed device is either requested by the NMS through a "read" command or sent to the NMS through what is termed a "trap." For example, an NMS might send a read command to the Chicago server for the current CPU utilization and receive a reply that shows utilization levels at 50 percent. A trap is typically used to report information that indicates a predetermined threshold has been exceeded. In fact, a common trap that's actually found in network cameras today is the authentication of credentials, which would alert operators to unauthorized attempts to gain access to a camera. If we went back to the example of a server in Chicago where utilization was at 90 percent, a trap would be sent out because the system was programmed to raise the alarm if utilization reached 90 percent or higher.
Another tool used by network management systems is called a "probe." Probes are written to test specific functions of an application and report back whether they are within acceptable guidelines. For example, a probe could be written to determine if your VMS is actually recording the video it's receiving.
The network management system could also use an "agent" embedded on a network switch to monitor bandwidth of an individual switch port. In this instance, the NMS might report an unexpected increase in bandwidth utilization by a specific network camera, which would prompt security to investigate the matter further. Interestingly enough, you might trace the increase bandwidth to any of several reasons, such as the camera being pulled significantly out of focus or poor lighting conditions at dusk, causing the image to stream with excessive noise. Or it could be as simple as one camera was streaming using MJPEG compression while all the other cameras in the vicinity were streaming with more efficient H.264. All of these situations could be easily remedied if you knew they were occurring.
Knowing the right questions to pose
When it comes to network monitoring, the real issue is not the technological capability of these systems but rather the knowledge of the people programming them. If the integrator didn't know that a network loop is a bad thing – a situation where two switches constantly send the same data between them causing bandwidth bottlenecks – then they wouldn't know to program the NMS to notify the user when it happens. Writing probes also requires knowledge of the application, which again points to experienced people on staff. If you don't have the personnel or the funds to deploy an NMS yourself, then you can opt for an intelligent service offering such as Net.Monitor.
Using network monitoring to document your SLAs
Many applications are being moved to the cloud, which makes network management all the more important. Being able to quickly pinpoint exact areas of failure or predict them before they happen enables companies to efficiently solve problems without the headache of finger pointing. It also is a great platform for reporting on Service Level Agreements (SLAs).
Just like the message center in your car informing you that it is time for service or that tire pressure is low, SNMP-enabled systems provide security professional with real-time health checks of their integrated security systems. Beyond the obvious benefit of proactively notifying you that something is wrong or trending in a problematic direction, it also gives you the ability to objectively report on system effectiveness. Imagine coming to your next annual review with a report in hand that provided indisputable proof that all your cameras remained 99.999 percent operational. And regarding the one issue that did arise, you were able to fix it during scheduled downtime before compromising security operations.
About the author: James Marcella has been a technologist in the security and IT industries for more than 17 years. He is currently the Director of Technical Services for Axis Communications.