Network Administration Tools Project


POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY, HO CHI MINH CITY CAMPUS

NETWORK ADMINISTRATION COURSE PROJECT

STUDY AND DEPLOYMENT OF NETWORK ADMINISTRATION TOOLS

(Using the Performance tool in Win2k3 and SolarWinds)

Student team:

1. Trng nh Hong

2. Nguyn Duy Cng

3. Nguyn Th Thanh Minh

4. Nguyn Th Thanh Tho

5. V Thanh Tho

6. V Th Hong Yn

WORK ASSIGNMENT

1. Trng nh Hong: Accounting management

2. Nguyn Duy Cng: Security management

3. Nguyn Th Thanh Minh: Performance management in Win2k3

4. Nguyn Th Thanh Tho: Fault management

5. V Thanh Tho: Performance management in SolarWinds

6. V Th Hong Yn: Configuration management

TABLE OF CONTENTS

Performance management in Win 2k3

I. Purpose

II. The Performance management tool in Win 2k3

1. System Monitor

2. Counter Logs

3. Ways of presenting monitoring results

4. Alerts

5. Trace logs

III. Case study

IV. Conclusion

Performance management in SolarWinds

I. Related MIB parameters

a. Interfaces

b. IP

c. TCP

d. ICMP

e. UDP

II. Exploring the MIB management groups and related objects

a. MIB Viewer

b. MIB Walk

c. Update System MIB

d. SNMP MIB Browser

III. System monitoring (polling & trapping)

IV. Conclusion

V. Case study

Fault management

I. Objectives

II. Introduction

III. Fault management in Win 2k3 with the Performance tool

1. Performing polling

2. Performing trapping

IV. Fault management with Network Performance Monitor in SolarWinds

1. Parameters of interest for fault management

2. Performing polling

3. Performing trapping

V. Remarks

VI. Case study

Security management

I. Introduction to Security Management

II. Security Management

1. Security on Windows Server 2k3

2. Security management with the SolarWinds tool

a. SNMP Brute Force Attack

b. Port Scanner

c. Introduction to Microsoft Baseline Security Analyzer

III. Summary

Accounting management

I. MIB set used for accounting management

II. Case study

Configuration management

I. Management model

II. Exploring the SolarWinds Orion Network Configuration Management tool

1. Installation

2. Creating the database

3. Discovering and importing managed devices

4. Viewing and setting the initial baseline parameters

5. Setting up the Event Log

6. Monitoring

III. Case study

IV. Preparing a configuration change request and analysing the security-related impacts

Summary and overall assessment of the two management tools

References

PERFORMANCE MANAGEMENT IN WIN 2K3

I. Purpose:

- Study and exploit the functions available in the Performance tool of Win2k3.

- Build a case study on performance management using the Performance tool in Win2k3.

- Comment on and evaluate the Performance tool in 2k3.

II. The Performance management tool on Windows:

It is a tool built into Windows operating systems (from Windows 2000 onward) that lets us manage the local machine or remote machines.

To use this program, go to: Start -> Control Panel -> Administrative Tools -> Performance

The program consists of the following main function groups:

* System Monitor (monitoring system activity): from here we can monitor the activity of Memory, PhysicalDisk, Processor, etc.

* Performance Logs and Alerts:

Consists of Counter logs, Trace logs and Alerts: we can collect information automatically from the local computer or from a remote computer.

Information can be collected in binary form, in a SQL database, or as a text file.

- Counter logs:

This tool lets the administrator keep an activity log of one or more objects of interest.

- Trace logs:

Record events while the system runs applications, for example hard-disk I/O or the occurrence of a page fault. When an event occurs, the Performance Logs and Alerts service writes it to a log file.

- Alerts:

A tool that lets us receive notifications when some threshold (set by us) is exceeded.

1. System Monitor:

On the NMS machine we monitor some ICMP parameters of the Agent machine.

Here we examine two parameters:

Received Echo Reply/sec (icmp.icmpInEchoReps): the number of ICMP Echo Reply packets received per second.

Received Echo/sec (icmp.icmpInEchos): the number of ICMP Echo packets received per second.

In the capture file we obtain the ICMP Request and ICMP Reply packets.

2. Counter logs:

Polling (using counter logs) is an information-collection mechanism initiated by the administrator: when the administrator is interested in a particular variable, a request is sent to fetch that information from the client machine.

The network model is as follows:

We proceed with the Windows Performance management tool, then capture and analyse the packets.

Steps: Control Panel -> Administrative Tools -> Performance.

For polling we choose Counter Logs to collect information about the interface.

Right-click Counter Logs -> choose New Log Settings.

Collect information about the Network Interface on the Agent machine (192.168.188.4); the parameters of interest are: Bytes Received/sec, Bytes Sent/sec, Bytes Total/sec, Current Bandwidth, Packets Outbound Discarded, Packets Received Errors.

After adding the objects we set the polling interval to 10 s, so information is sent back once every 10 s:

The log file format is Text File (Tab delimited):

Set the time at which collection starts:

After the counters are added, start the log to begin collecting. Every 10 seconds the agent machine sends data back to the management machine.

System Monitor can also be used on the agent machine to watch how the values of those counters change.

Remarks:

The Bytes Received/sec, Bytes Sent/sec and Bytes Total/sec counters let us evaluate how efficiently the interface is operating. The data the Agent sends back periodically lets the administrator examine and evaluate activity at each point in time.

If, over some period, the collected values exceed the permitted values (for example the total bytes received jumps suddenly compared with normal), a fault or an attack may be occurring.

Traffic can also grow because usage demand grows; the collected information then helps the administrator plan for the growth of the network.

The Packets Outbound Discarded and Packets Received Errors counters let us evaluate reliability.
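The remarks above describe the two checks an administrator runs over a counter log: compare the throughput counters with a baseline and look for any non-zero reliability counter. The following Python script is an added example (it is not code from the report or from Microsoft) that parses a log in the "Text File (Tab delimited)" layout and applies both checks. The counter paths, the host name AGENT, the interface name eth0 and all values are constructed for the example; the first four polls are taken as the baseline, and a later poll is flagged when it exceeds three times that baseline.

```python
import csv
import io
import statistics

# Constructed sample in the layout perfmon writes for "Text File (Tab delimited)"
# counter logs: a quoted header row, then one quoted row per 10 s poll. The
# counter paths and values are made up for this example.
HEADER = [
    "(PDH-TSV 4.0) (SE Asia Standard Time)(-420)",
    r"\\AGENT\Network Interface(eth0)\Bytes Received/sec",
    r"\\AGENT\Network Interface(eth0)\Bytes Sent/sec",
    r"\\AGENT\Network Interface(eth0)\Packets Received Errors",
    r"\\AGENT\Network Interface(eth0)\Packets Outbound Discarded",
]
ROWS = [
    ["03/15/2010 10:00:00.000", "12000", "8000", "0", "0"],
    ["03/15/2010 10:00:10.000", "12500", "8100", "0", "0"],
    ["03/15/2010 10:00:20.000", "11800", "7900", "0", "0"],
    ["03/15/2010 10:00:30.000", "12200", "8050", "0", "0"],
    ["03/15/2010 10:00:40.000", "95000", "8000", "3", "0"],  # sudden inbound jump plus errors
    ["03/15/2010 10:00:50.000", "12100", "8000", "0", "1"],  # one outbound discard
]
SAMPLE_LOG = "\n".join("\t".join(f'"{c}"' for c in row) for row in [HEADER] + ROWS) + "\n"

THROUGHPUT = ["Bytes Received/sec", "Bytes Sent/sec"]
RELIABILITY = ["Packets Received Errors", "Packets Outbound Discarded"]


def parse_counter_log(text):
    """Parse a PDH-TSV counter log into a list of (timestamp, {counter: value})."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    header = next(reader)
    # keep only the counter name after the last backslash of the full path
    names = [h.rsplit("\\", 1)[-1] for h in header[1:]]
    samples = []
    for row in reader:
        if not row:
            continue
        values = {}
        for name, cell in zip(names, row[1:]):
            try:
                values[name] = float(cell)
            except ValueError:  # perfmon leaves the cell blank when a counter was unavailable
                values[name] = None
        samples.append((row[0], values))
    return samples


def evaluate(samples, warmup=4, factor=3.0):
    """Derive a baseline from the first `warmup` polls and flag later polls.

    A throughput counter above factor x baseline is a sudden jump (fault or attack
    suspicion, or simply growth to plan for); any non-zero error/discard count is
    a reliability finding. Returns (baseline, findings)."""
    baseline = {
        c: statistics.fmean(v[c] for _, v in samples[:warmup] if v[c] is not None)
        for c in THROUGHPUT
    }
    findings = []
    for ts, v in samples[warmup:]:
        for c in THROUGHPUT:
            if v[c] is not None and v[c] > factor * baseline[c]:
                findings.append((ts, c, f"{v[c]:.0f} exceeds {factor:g}x baseline {baseline[c]:.0f}"))
        for c in RELIABILITY:
            if v.get(c):
                findings.append((ts, c, f"{v[c]:.0f} (reliability counter non-zero)"))
    return baseline, findings


if __name__ == "__main__":
    base, found = evaluate(parse_counter_log(SAMPLE_LOG))
    print("baseline:", base)
    for f in found:
        print("ALERT", *f)
```

The same two functions work on a real log exported by the Counter Logs tool: read the file, pass its text to parse_counter_log, and tune warmup and factor to the baseline period you trust. Growth that stays above the baseline for many polls is capacity planning; a single-poll spike together with errors is the pattern the remarks associate with a fault or an attack.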

Using Wireshark to capture and analyse the packets, we see:

To perform polling, the NMS sends a DCERPC packet to the Agent (Remote Procedure Call: a remote function call; DCERPC comprises the libraries and services that let distributed applications operate in a Windows environment). The NMS, using port 1041, sends the request to the Agent, which is listening on port 445.

The structure of the DCERPC Request packet is as follows:

After receiving the request from the NMS, the Agent sends a Response back to the NMS with source port 445 and destination port 1041:

The structure of the DCERPC Response packet:

When the NMS receives the Agent's Response it sends an ACK back to the Agent to confirm that the reply was received.

Remarks:

So the data-collection process by the polling mechanism in Windows can be described as follows: the NMS sends a DCERPC packet to the Agent; the Agent receives it and replies with a DCERPC packet.

3. Ways of presenting monitoring results: graph, histogram, report

To choose the output type, go to System Monitor -> Properties -> General

Graph view:

Histogram view:

Report view:

Meaning of each output type:

Report view: shows the parameters of interest as concrete numbers, so the administrator can determine precisely the difference between the value obtained at the current moment and the corresponding baseline value, and from that decide what change suits the running system.

Graph view: shows the values as a line graph. The purpose of this display is to give the administrator an overview of a group of objects of interest, to see whether the system is running well and whether any value is spiking, so that preventive measures can be taken in time.

Histogram view: shows the values as bars (histogram). This representation lets the administrator see clearly the difference between a few objects of interest, and from that decide whether any value should be adjusted.

4. Alerts:

We use the Alerts function of the Win2k3 Performance tool. This function lets us receive notifications when some threshold (the baseline parameters we set) is exceeded.

For example, when the number of processes exceeds 36, a notification is displayed.

Create a new Alert as follows:

Select the object and counter of interest:

For the case where the number of processes exceeds 36, we tell the system that the notification is to be sent to the NMS (192.168.188.3):

And when the number of processes on the Agent exceeds 36, a notification of the following form is sent to the NMS:

The event is stored in Event Viewer:

5. Trace logs:

How to create a trace log:

In the Performance Logs and Alerts window, right-click Trace Logs and choose New Log Settings:

On the General tab we choose the path where the file is saved, the provider status, and the events that the system provider will record.

On the Log Files tab we choose the file type to save:

We can choose the monitoring period.

On the Advanced tab, choose the buffer size for the log-file data, the number of buffers, and the interval at which data is moved from the buffers to the file on disk; if no interval is chosen, a buffer is written to disk when it is full.

III. Case study:

Vinagame is a company running online games on the Vietnamese market. Recently the company extended its business to a web-game service for the virtual entertainment community (the Zing Me product). In the initial trial period the system ran very well and guaranteed players' access speed. Recently, however, the company has regularly received complaints from gamers about difficulty accessing the system and slow processing when buying and selling in-game items. The company's network administrators therefore set out to investigate the cause.

The parameters of interest are: the number of connections accessing the game server at the same moment, the CPU state (CPU load) and the amount of free memory (Available Memory).

After investigating these, the results obtained are as follows:

Number of connections accessing the game server:

Graph of CPU load & Available Memory:

From the figure above we see that the CPU is constantly overloaded and the memory available for the system's operation is always at a very low level.

From the analysis above, we conclude that the cause of the problem is that too many players are accessing the server: the server no longer has enough memory to serve them, which causes congestion. To solve this, the company's administrators decided to upgrade the game server's hardware and to add a new server to share the load with the existing one. Continuing to monitor the system for a while afterwards, we see that its operation has become stable.

Although the server congestion has been fixed, the number of gamers accessing the game is expected to keep growing, which requires the company's network administration team to monitor the system's operating state regularly so that problems can be handled in time.

IV. Conclusion:

The Performance tool on Windows is used to manage information on the local and remote machines. Management is fairly simple through the built-in, user-friendly interface. Through the program's interface a user can easily collect the necessary information and create alerts without needing a network administrator's in-depth knowledge.

In Windows, SNMP is not used to collect this information. All collection uses the RPC protocol over TCP; DCERPC packets are used to collect information remotely. Therefore TCP packets will be seen in the capture.

To run this tool, the following services must be enabled: Remote Registry, Remote Procedure Call (RPC) and Remote Procedure Call (RPC) Locator. In addition, the Alert function requires the Messenger service to be started. However, RPC is no longer safe today; hackers attack networks through the RPC service, and Windows is currently releasing updates to fix this.

PERFORMANCE MANAGEMENT IN SOLARWINDS

I. MIB parameters related to performance management:

a) Interfaces (1.3.6.1.2.1.2)

ifInOctets: the number of octets received on an interface.

ifInUcastPkts: the number of unicast packets received on an interface.

ifInNUcastPkts: the number of non-unicast packets received on an interface.

ifOutOctets: the number of octets sent out of an interface.

ifOutUcastPkts: the number of unicast packets sent out of an interface.

ifOutNUcastPkts: the number of non-unicast packets sent out of an interface.

ifSpeed: the current bandwidth of the interface in bits per second.

ifInErrors: the number of received packets that contained errors on an interface.

ifInDiscards: the number of received error-free packets that were discarded.

ifOutDiscards: the number of packets discarded on the way out of the interface.

b) IP (1.3.6.1.2.1.4)

ipInReceives: the total number of datagrams received, including those received in error.

ipReasmReqds: the number of received IP fragments awaiting reassembly.

ipReasmOKs: the number of IP datagrams successfully reassembled.

ipReasmFails: the number of failures detected by the IP reassembly algorithm.

ipReasmTimeout: the maximum time (in seconds) that received fragments are held while awaiting reassembly.

ipForwDatagrams: the number of datagrams forwarded.

ipInDiscards: the number of received IP datagrams that were discarded (for example through buffer overflow).

ipInDelivers: the number of received IP datagrams delivered to the upper layers.

ipOutRequests: the number of IP datagrams sent out on request from the upper layers.

ipOutDiscards: the number of outgoing IP datagrams that were discarded.

ipFragOKs: the number of IP datagrams successfully fragmented.

ipFragFails: the number of IP datagrams discarded because they could not be fragmented.

ipAdEntReasmMaxSize: the size of the largest IP datagram that can be reassembled from fragments received on this interface.

c) TCP (1.3.6.1.2.1.6)

tcpMaxConn: the maximum number of TCP connections.

tcpActiveOpens: the number of times TCP connections made a transition to the SYN-SENT state from the CLOSED state.

tcpPassiveOpens: the number of times TCP connections made a direct transition (passive open).

tcpAttemptFails: the number of failed connection attempts.

tcpEstabResets: the number of resets that occurred.

tcpCurrEstab: the number of connections whose current state is ESTABLISHED or CLOSE-WAIT.

tcpInSegs: the total number of segments received.

tcpOutSegs: the total number of segments sent.

tcpRetransSegs: the total number of segments retransmitted.

tcpOutRsts: the total number of RST segments sent.

d) ICMP (1.3.6.1.2.1.5): holds input and output statistics for ICMP (Internet Control Message Protocol) packets. ICMP provides internetwork control messages and performs many ICMP operations within the managed entity. The group consists of 26 scalar objects that maintain statistics for the various message types and serve performance management, for example:

icmpInMsgs: the total number of ICMP messages received.

icmpInErrors: the number of received ICMP messages that contained errors.

icmpInDestUnreachs: the number of ICMP Destination Unreachable messages received.

icmpInTimeExcds: the number of ICMP Time Exceeded messages received.

icmpInParmProbs: the number of ICMP Parameter Problem messages received.

icmpInSrcQuenchs: the number of ICMP Source Quench messages received.

icmpInRedirects: the number of ICMP Redirect messages received.

icmpOutMsgs: the total number of ICMP messages this entity attempted to send.

icmpOutErrors: the number of ICMP messages this entity failed to send because of an error.

icmpOutDestUnreachs: the number of ICMP Destination Unreachable messages sent.

icmpOutTimeExcds: the number of ICMP Time Exceeded messages sent.

icmpOutParmProbs: the number of ICMP Parameter Problem messages sent.

icmpOutSrcQuenchs: the number of ICMP Source Quench messages sent.

e) UDP (1.3.6.1.2.1.7): provides information about the operation of UDP. Because UDP is connectionless, this group is much smaller than the TCP group: it does not have to record connection attempts, establishments, resets and so on. The parameters of interest for management are:

udpInDatagrams: the total number of UDP datagrams delivered to UDP users.

udpNoPorts: the total number of received UDP datagrams for which there was no application at the destination port.

udpInErrors: the total number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.

udpOutDatagrams: the total number of UDP datagrams sent from this entity.
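The Interfaces group above gives raw cumulative counters; what an administrator compares with a baseline are the rates derived from two consecutive polls. The following Python code is an added example (not from the report or SolarWinds) that turns two ifEntry samples into bits per second, utilisation against ifSpeed, an input error ratio and the non-unicast share, handling the Counter32 wrap-around that makes a naive subtraction go negative. The two samples, the 10 s interval and the baseline limits in check_against_baseline are all constructed for the example.

```python
COUNTER32_MODULUS = 2 ** 32  # ifInOctets etc. are Counter32 objects in the Interfaces group

# Two constructed ifEntry samples taken 10 s apart; ifInOctets has wrapped past
# 2^32 between them, which is exactly the case a rate calculation must survive.
PREV = {"ifInOctets": 4_294_960_000, "ifOutOctets": 1_000_000,
        "ifInUcastPkts": 10_000, "ifInNUcastPkts": 500,
        "ifInErrors": 5, "ifInDiscards": 0, "ifSpeed": 100_000_000}
CURR = {"ifInOctets": 2_000, "ifOutOctets": 1_500_000,
        "ifInUcastPkts": 10_900, "ifInNUcastPkts": 600,
        "ifInErrors": 7, "ifInDiscards": 1, "ifSpeed": 100_000_000}
INTERVAL_S = 10


def counter_delta(old, new, modulus=COUNTER32_MODULUS):
    """Increase of a Counter32 between two polls, tolerating one wrap-around.
    Raw new - old would be a large negative number after a wrap."""
    return (new - old) % modulus


def interface_stats(prev, curr, interval_s):
    """Turn two ifEntry samples into the figures an administrator compares with a baseline."""
    d = {k: counter_delta(prev[k], curr[k]) for k in
         ("ifInOctets", "ifOutOctets", "ifInUcastPkts", "ifInNUcastPkts", "ifInErrors", "ifInDiscards")}
    bits = (d["ifInOctets"] + d["ifOutOctets"]) * 8
    in_pkts = d["ifInUcastPkts"] + d["ifInNUcastPkts"]
    return {
        "in_bps": d["ifInOctets"] * 8 / interval_s,
        "out_bps": d["ifOutOctets"] * 8 / interval_s,
        # both directions combined, as a percentage of ifSpeed over the interval
        "utilisation_pct": 100.0 * bits / (curr["ifSpeed"] * interval_s),
        # share of inbound packets that were errored or discarded (reliability)
        "input_error_pct": 100.0 * (d["ifInErrors"] + d["ifInDiscards"]) / in_pkts if in_pkts else 0.0,
        # share of inbound packets that were broadcast/multicast
        "non_unicast_pct": 100.0 * d["ifInNUcastPkts"] / in_pkts if in_pkts else 0.0,
    }


def check_against_baseline(stats, max_util_pct=70.0, max_error_pct=1.0, max_non_unicast_pct=20.0):
    """Names of the figures that exceed the given baseline limits (limits are constructed defaults)."""
    limits = {"utilisation_pct": max_util_pct, "input_error_pct": max_error_pct,
              "non_unicast_pct": max_non_unicast_pct}
    return [name for name, limit in limits.items() if stats[name] > limit]


if __name__ == "__main__":
    s = interface_stats(PREV, CURR, INTERVAL_S)
    for k, v in s.items():
        print(f"{k:>18}: {v:.4f}")
    print("over baseline:", check_against_baseline(s))
```

Two details matter in practice: the wrap handling only holds if the poll interval is short enough that a counter cannot wrap twice between polls (on a 100 Mbit/s link ifInOctets can wrap in under six minutes at full load), and ifSpeed should be read on every poll rather than cached, because a renegotiated link changes the denominator of the utilisation figure.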

II. Exploring the MIB management groups and related objects:

Examining MIB parameters: SNMP Tools provides utilities for managing the system's MIB database. The basic components of SNMP Tools are:

a. MIB Viewer: supports searching the MIB database and can display any OID or table in the MIB database. MIB Viewer downloads, formats and displays any SNMP MIB variable; you simply enter the variable name, the MIB name or an OID.

Example: looking up a parameter of the system MIB with the following OID:

Result:

The result shows some parameters of the managed system, such as the system name: web, location: tp hcm, time since management started: 1 hour 45 minutes 16 seconds, and so on.

b. MIB Walk: can generate a table containing all the OIDs of a given device.

c. Update System MIB: lets you update the system information of an SNMP device, including the system name, location and contact. This tool is used to update the information on devices such as hubs and printers.

d. SNMP MIB Browser: gives access to the MIB database supplied by SolarWinds; you can browse the MIB tree, view MIB tables, look up parameters through the MIB, or change SNMP values remotely.

SolarWinds MIB Browser lets you view configuration and operational details of network devices by querying MIB parameters.

SolarWinds MIB Browser automatically analyses the results of each SNMP query and displays the information in a form. The query results can be customised.

Basic functions of SNMP MIB Browser:

1. The GET function:

SNMP MIB Browser fully supports GET on both local and remote interfaces. For GET to work, SNMP must be enabled on the interface. MIB Browser manages objects through the MIB tree. There are two main functions: Get Tree and Get Table.

Get Tree: lists the OIDs in the OID Name column together with the corresponding attributes of those OIDs.

We collect information on the tcpOutSegs parameter: the result is that the total number of segments sent out is 2395.

We capture the packets while getting this MIB parameter:

Remarks:

When getting a MIB parameter, the manager sends an SNMP get_request packet to the web machine; the SNMP packet is carried over UDP with source port 1059 and destination port 161. The web machine, acting as agent, sends back an SNMP get_response packet in reply to the manager.

On receiving the response, the manager goes on to send a get_BulkRequest packet asking for the tcpOutSegs MIB parameter; on receiving that request, the agent returns the requested MIB parameter.

SNMPv2 carries the community string, which acts as the password, in plaintext, so its confidentiality is low.
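The exchange just described (get_request for tcpOutSegs, get_response carrying 2395, community string readable on the wire) can be reproduced byte for byte with a small BER encoder and decoder. The Python below is an added example written for this page; it is not SolarWinds' MIB Browser code nor any SNMP library. It builds the manager's GetRequest for tcpOutSegs.0 (OID 1.3.6.1.2.1.6.11.0), builds the agent's GetResponse with a Counter32 value, decodes both, and shows that the community string sits unencrypted in the datagram. The request-id 1059 is reused from the source port in the text only as a recognisable number; the community "public" is an assumption.

```python
# Minimal BER encoder/decoder for SNMPv1/v2c messages (RFC 1157 / RFC 3416
# framing), written for this example; not SolarWinds' or any library's code.
TAG_INT, TAG_STR, TAG_NULL, TAG_OID, TAG_SEQ, TAG_COUNTER32 = 0x02, 0x04, 0x05, 0x06, 0x30, 0x41
PDU_TAGS = {"get-request": 0xA0, "get-next-request": 0xA1, "get-response": 0xA2,
            "set-request": 0xA3, "get-bulk-request": 0xA5}
PDU_NAMES = {v: k for k, v in PDU_TAGS.items()}
NULL = bytes([TAG_NULL, 0])                      # value placeholder in a request varbind
TCP_OUT_SEGS = "1.3.6.1.2.1.6.11.0"              # tcpOutSegs.0 from the TCP group

def _tlv(tag, body):
    """Tag, BER length (short form below 128, long form above), value."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def enc_int(value, tag=TAG_INT):
    # minimal two's-complement; (bit_length + 8) // 8 always leaves room for the sign bit
    return _tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def counter32(value):
    return enc_int(value, TAG_COUNTER32)

def enc_oid(dotted):
    ids = [int(x) for x in dotted.strip(".").split(".")]
    out = bytearray([40 * ids[0] + ids[1]])        # first two sub-identifiers share one byte
    for sub in ids[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:                                   # base-128, continuation bit on all but the last byte
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))

def build_message(community, pdu_type, request_id, varbinds, version=1):
    """version 0 = SNMPv1, 1 = SNMPv2c; varbinds = [(dotted OID, encoded value), ...]."""
    vbl = b"".join(_tlv(TAG_SEQ, enc_oid(oid) + val) for oid, val in varbinds)
    # the two zero INTEGERs are error-status/error-index (non-repeaters/max-repetitions for get-bulk)
    pdu = _tlv(PDU_TAGS[pdu_type], enc_int(request_id) + enc_int(0) + enc_int(0) + _tlv(TAG_SEQ, vbl))
    return _tlv(TAG_SEQ, enc_int(version) + _tlv(TAG_STR, community.encode()) + pdu)

def _read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def dec_oid(body):
    ids, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            ids.append(val)
            val = 0
    return ".".join(map(str, ids))

def _dec_value(tag, body):
    if tag == TAG_NULL:
        return None
    if tag == TAG_INT:
        return int.from_bytes(body, "big", signed=True)
    if tag in (TAG_COUNTER32, 0x42, 0x43, 0x46):    # Counter32/Gauge32/TimeTicks/Counter64: unsigned
        return int.from_bytes(body, "big")
    if tag == TAG_OID:
        return dec_oid(body)
    return bytes(body)                               # OCTET STRING, IpAddress, Opaque

def parse_message(buf):
    """Decode one SNMP message; note the community string comes back as plain text."""
    _, body, _ = _read_tlv(buf, 0)
    _, ver, pos = _read_tlv(body, 0)
    _, comm, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    fields, pos = [], 0
    for _ in range(4):                               # request-id, error-status, error-index, varbind list
        _, val, pos = _read_tlv(pdu, pos)
        fields.append(val)
    varbinds, pos = [], 0
    while pos < len(fields[3]):
        _, vb, pos = _read_tlv(fields[3], pos)
        _, oid, p = _read_tlv(vb, 0)
        vtag, vval, _ = _read_tlv(vb, p)
        varbinds.append((dec_oid(oid), _dec_value(vtag, vval)))
    return {"version": _dec_value(TAG_INT, ver), "community": comm.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": _dec_value(TAG_INT, fields[0]),
            "error_status": _dec_value(TAG_INT, fields[1]), "varbinds": varbinds}

if __name__ == "__main__":
    request = build_message("public", "get-request", 1059, [(TCP_OUT_SEGS, NULL)])
    response = build_message("public", "get-response", 1059, [(TCP_OUT_SEGS, counter32(2395))])
    print("manager -> agent:", request.hex(), "| community visible:", b"public" in request)
    print("agent -> manager:", parse_message(response))
```

The bytes produced by build_message are what the UDP payload to port 161 looks like in the capture; parse_message is enough to read the community string and the returned value straight out of a captured datagram, which is the concrete meaning of "plaintext" in the remark above. SNMPv3 wraps the PDU in a different message format with authentication and optional privacy, so this decoder does not apply to it.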

Get Table: similar to Get Tree, but it only works on objects that have a table. It lists the OID attributes row by row.

Result: the MIB parameters of the tcpConnTable table are displayed on the right, including parameters such as tcpConnLocalPort, tcpConnLocalAddress and tcpConnState (connection state; here the TCP connection is established).

2. The SET function: setting the value of a MIB parameter

To set parameter values, the community string must first allow the parameter values to be changed.

Select the parameter to set; we can only set the values of parameters whose Access attribute is read-write (their values are then shown in blue).

Here we set the ipDefaultTTL parameter as follows:

Initial value: 128

After changing the value:

Packet capture:

Remarks:

When setting a MIB parameter, the manager sends an SNMP set_request packet to the web machine; the SNMP packet is carried over UDP. The web machine, acting as agent, replies to the manager with an SNMP get_response packet.

On receiving the response, the manager goes on to send a get_request packet to set the ipDefaultTTL value again; once it is set, the agent returns a get_response packet in reply to the manager.

III. System monitoring (polling & trapping) to monitor the system's performance:

Polling: we use the Network Performance Monitor tool for system monitoring. It is a real-time network monitoring tool for watching processes, CPU activity, memory state, network latency, packets lost, network traffic, bandwidth and so on. It can monitor every managed node and interface through SNMP and reports a fault when a node reboots or an interface goes down.

1. Polling to monitor our network:

Enter the name or IP address of the agent machine to monitor.

Continue as in the following figure:

The resources and network characteristics that are monitored:

Physical and logical disks, CPU, memory.

Traffic flows on the network.

Monitoring CPU load and memory use: lets us monitor parameters such as the average CPU load, the maximum and minimum average load, and memory use.

Result of monitoring our network: for example, the average CPU load is 3% -> the agent's CPU is running at a low, light load.

Percentage of memory used:

The web server machine currently has a fairly large amount of memory free.

Monitoring physical disks: lets us monitor disk capacity, the amount or percentage used, and so on. For example, the agent's C: drive is about 40% used.

Network traffic:

a. Monitoring the traffic in and out of the interfaces, including information such as the maximum, minimum and average in/out rate on the interfaces (in bps), multicast traffic, transmit and receive rates, and the total packets and total bytes sent and received on the interface.

Example: transmit rate on the interface:

Receive rate on the interface:

Total packets Tx/Rx:

b. Monitoring errored traffic in and out of the system's interfaces: information on the proportion of packets with errors and of packets discarded on the system's interfaces. Collecting this information lets the administrator know how the network is behaving.

Example: proportion of packets in and out that were errored or discarded:

Remark: the proportion of errored packets sent and received is 0% -> the network is currently running very well.

c. Monitoring network performance information such as network latency, including the average, maximum and minimum response time, packet-loss rate, system availability and so on. These parameters tell us how well the network is performing.

Example: average system response time:

System availability:

-> almost 100% -> our system is running very well.

2. The polling mechanism: examining the packets captured while collecting the traffic parameters:

The Manager uses SNMP to get information from the Agent. The Manager sends a request to the Agent with source port 1066 and destination port 161.

When the Agent receives the Manager's request it sends a response back to the Manager providing the values of the agent's MIB parameters.

Remarks:

Every agent in the managed system answers the polling requests from the Manager.

The manager uses messages to collect management information, and the agent uses them to answer the manager.

The SNMP messages used to collect information are:

Get_request and get_BulkRequest, the latter to collect information in bulk -> increasing the system's performance (SNMPv2, v3).

Get_response is the Agent's acknowledgement.

3. Trapping: automated collection of information. We determine the parameters of interest and set a threshold for each. The manager receives a notification if a network parameter exceeds the permitted threshold.

Example: setting a usage threshold for system memory.

Steps:

Create an Alert named canhbao:

Choose the monitored property: here we check %Used of Total System Memory.

Choose the machine to monitor: web server.

Set the threshold parameters: we set the trap threshold to 20%; if system memory use exceeds this 20% threshold, an alert is raised.

Set the time at which trapping runs:

Alert action when the threshold is exceeded:

The result above shows that total system memory currently in use is 41%, so an alert is raised for the admin.

How it works:

Trapping is in fact a series of the polling operations examined above: the Manager sends requests and the agent keeps responding with the MIB parameters; the Manager checks the returned parameters and, when it sees a threshold exceeded, raises a notification for the administrator:

When the system exceeds the given threshold, a notification packet is sent back to the Management machine.

4. Ways of presenting monitoring results:

Graph presentation: gives the administrator a more visual view of the information collected, comparing each polling period of the system:

Table presentation: provides the information in numeric form.

Combined presentation of the two forms above:

Remark: SolarWinds supports presenting the monitoring information in different clear forms, and its friendly interface helps the administrator observe and evaluate the collected parameters easily.

IV. Conclusion:

Besides the functions described above, SolarWinds also provides several other tools that support performance management, such as:

Advanced CPU Load: monitors and graphs the current load on Cisco routers and servers.

Bandwidth Gauges: measures the amount of data received from and sent to any remote network device.

Bandwidth Monitor: monitors bandwidth.

CPU Gauge: monitors CPU load.

Real-Time Interface Monitor: describes many routers and switches at the same time.

Router CPU Load: monitors the load on Cisco routers.

It is a powerful aid to the admin's management work, with a friendly, easy-to-use interface. Its many advanced features increase the efficiency of management; the program runs lightly and uses little memory.

The SolarWinds tool works on traditional SNMP carried in UDP packets. It is therefore independent of the RPC remote-invocation mechanism, and its operation is safer than the Windows tool's. In particular:

SNMPv1 and v2: information is transmitted as plain text, including the community string -> data confidentiality is low.

SNMPv3: transmitted encrypted -> high confidentiality.

V. Building a case study:

The system administrator must keep the system running well, and one of the important factors in performance management is the traffic on the interfaces. In this scenario we look more closely at managing traffic on an interface. The issues of interest are: the type of traffic, inbound/outbound traffic statistics, error statistics, broadcast and unicast counts, and calculating the system's operating efficiency.

Efficiency is calculated with the following formula:

However, efficiency may not fully reflect the operating state of the network.

Reliability is calculated with the following formula:

Now we poll to probe the activity on the interfaces; here we pay attention to unicast, multicast and broadcast packets.

Looking at the NonUnicast packets:

First poll:

InNonUnicast: 558

OutNonUnicast: 218

Second poll:

InNonUnicast: 885

OutNonUnicast: 832

Polling continuously, we notice that the broadcast and multicast packets keep increasing and at times rise sharply. If these broadcast and multicast packets become too numerous (exceeding the acceptable threshold, the baseline) they can cause a broadcast storm, in which these packets occupy the network's bandwidth and affect its operation; the network may even have a loop.

Solution: we examine their baseline value so that a trapping alert can be set up that is sent to the administrator when the number of broadcast packets exceeds the permitted threshold.
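The solution proposed here, and the "trapping is a series of polls checked by the manager" explanation in section III, both come down to the same loop: poll a cumulative counter, turn it into a per-interval increase, learn a baseline from the quiet polls, and alert when an increase crosses the threshold. The Python below is an added example written for this page (not SolarWinds code). It reuses the report's two NonUnicast readings as the first two polls; the remaining polls, the 60 s interval, the warm-up length and the mean + 3 standard deviations threshold rule are constructed assumptions.

```python
import statistics

COUNTER32_MODULUS = 2 ** 32

# Constructed polling series (label, ifInNUcastPkts, ifOutNUcastPkts): cumulative
# counters read every 60 s. The first two rows reuse the report's own figures
# (558/218 and 885/832); the rest are made up, with a broadcast burst at poll 6.
POLLS = [
    ("poll 0", 558, 218),
    ("poll 1", 885, 832),
    ("poll 2", 1210, 1440),
    ("poll 3", 1540, 2050),
    ("poll 4", 1860, 2660),
    ("poll 5", 2180, 3270),
    ("poll 6", 9500, 3880),   # InNonUnicast jumps by 7320 in one interval
    ("poll 7", 9830, 4490),
]
COUNTERS = ("InNonUnicast", "OutNonUnicast")


def per_poll_increase(polls):
    """Cumulative counter values -> per-interval increases, tolerating a Counter32 wrap."""
    rows = []
    for (_, pin, pout), (label, cin, cout) in zip(polls, polls[1:]):
        rows.append((label, (cin - pin) % COUNTER32_MODULUS, (cout - pout) % COUNTER32_MODULUS))
    return rows


def learn_baseline(increases, k=3.0, min_ratio=1.5):
    """Threshold per counter from the warm-up increases: mean + k*stdev, but never
    below min_ratio*mean, so a very steady warm-up does not give a hair-trigger."""
    thresholds = {}
    for i, name in enumerate(COUNTERS):
        values = [row[i + 1] for row in increases]
        mean, sd = statistics.fmean(values), statistics.pstdev(values)
        thresholds[name] = max(mean + k * sd, min_ratio * mean)
    return thresholds


def trap_on_threshold(polls, warmup=5):
    """What the manager does in 'trapping' mode: keep polling, compare every new
    increase with the baseline threshold and raise an alert when it is exceeded."""
    increases = per_poll_increase(polls)
    thresholds = learn_baseline(increases[:warmup])
    alerts = []
    for label, *vals in increases[warmup:]:
        for name, value in zip(COUNTERS, vals):
            if value > thresholds[name]:
                alerts.append((label, name, value, round(thresholds[name], 1)))
    return thresholds, alerts


if __name__ == "__main__":
    thr, found = trap_on_threshold(POLLS)
    print("thresholds:", {k: round(v, 1) for k, v in thr.items()})
    for a in found:
        print("ALERT possible broadcast storm:", a)
```

The warm-up must be taken while the network is known to be healthy, otherwise a storm already in progress becomes the baseline. In a SolarWinds Alert the same rule is expressed as a fixed percentage or count; the statistical form here is one way to arrive at that number from the polled history rather than guessing it.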

FAULT MANAGEMENT

I. Objectives:

Study the fault-management functions available in Windows, specifically the Performance tool.

Study the fault-management functions of the SolarWinds tool, specifically Network Performance Monitor.

Compare the two tools.

II. Introduction:

Fault management is the process of preventing, detecting, locating, isolating and correcting faults in the network.

It is carried out under two approaches:

Reactive: when a fault occurs, the administrator finds a way to resolve it.

Proactive: the administrator anticipates faults by setting thresholds and monitoring.

Fault-management steps:

Identify the managed objects.

Detect problems from information collected through:

Polling: the manager receives parameters sent back periodically by the managed machine.

Trapping: the manager sets a threshold value; if the managed machine violates the threshold it sends a notification to the manager.

Locate and isolate the problem.

Find a way to resolve the problem.

Network model:

III. Fault management in Windows with the Performance tool:

Go to Start -> Run -> type perfmon -> OK.

1. Performing polling: by creating a Counter Log

Outline of creating a Counter Log:

Choose Add Counters.

Choose the object to manage by entering its IP or name.

The meaning of each counter can be seen by clicking the counter -> choosing Explain.

Choose the counter -> Add -> Close -> OK.

Some Counter Logs created for fault management of the WEB machine (192.168.188.4):

1) web-service: monitors the web service.

2) web-server: monitors activity on the WEB server itself.

3) web-processor: monitors the WEB server's processor.

4) web-phydisk: monitors the WEB server's physical disk.

5) web-page: monitors the WEB server's memory.

6) web-icmp: monitors ICMP packets to the WEB server (for the case where WEB opens port 23).

7) web-tcp: monitors TCP packets to the WEB server.

=> With the counter logs above, we collect fairly complete information for fault management on the WEB machine.

An example analysis of the file web-tcp_000001.bgl:

Remark: the number of active connections (the number of TCP connections that went directly from the SYN_SENT state to CLOSED) is fairly high.

Packet capture: couter.pcap

The protocol used to exchange information between the manager and WEB is DCERPC.

The port on WEB (the managed machine) is: microsoft-ds (445).

Mechanism (sequence diagram in the original):

Manager (192.168.188.3)

WEB (192.168.188.4)

2. Performing trapping: by creating an Alert.

Outline of creating an Alert:

Choose Add.

Choose the object to manage by entering its IP or name.

The meaning of each counter can be seen by clicking the counter -> choosing Explain.

Choose the counter -> Add -> Close.

Here we choose to alert when the value is over 10 (this defines the threshold value and the way it is violated).

Choose the Action tab -> enter the action to take when the threshold is violated.

Here we choose to: log the event in the application event log and send a message to the manager, 192.168.188.3.

Choose OK.

Some Alerts created for fault management on the WEB server (192.168.188.4):

1) trap-service: alerts when the current number of connections on WEB is greater than 10.

2) trap-processor: alerts when the processor is more than 85% busy.

3) trap-icmp: alerts when the number of Echos received per second is greater than 20.

Consider an example of a threshold violation from the trap-service Alert:

When the number of connections to WEB is 11, the threshold of 10 is violated.

The manager, 192.168.188.3, receives the message it sent to itself:

And an event is stored in the manager's Application event log (go to Start -> Programs -> Administrative Tools -> Event Viewer -> Application):

Packet capture: the file trap.pcap.

Again the DCERPC protocol is used to carry the information back and forth between the manager and WEB.

Here, WEB (the managed machine) uses port: netbios-ssn (139).

=> One of the two ports, 445 or 139, is used.

IV. Fault management with Network Performance Monitor in the SolarWinds tool:

1. Parameters of interest for fault management:

System (1): sysDescr (1), sysObjectID (2), sysContact (4), sysName (5), sysServices (7) -> needed for warranty and repair of the device.

Interfaces (2): ifSpeed (5), ifOperStatus (8), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifInUnknownProtos (15), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20).

IP (4): ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipInUnknownProtos (7), ipInDiscards (8), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragCreates (19).

TCP (6): tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpCurrEstab (9), tcpRetransSegs (12), tcpInErrs (14), tcpOutRsts (15).

UDP (7): udpInDatagrams (1), udpNoPorts (2), udpInErrors (3).

ICMP (5): icmpInMsgs (1), icmpInErrors (2), icmpInDestUnreachs (3), icmpInEchos (8).

2. Performing polling:

Go to SolarWinds Engineer's Toolset -> Network Monitoring -> Network Performance Monitor.

Outline:

Choose New -> enter the IP of the managed object -> Next.

Enter the community string that was set on the managed machine:

Choose Finish.

Beforehand, on the WEB machine (the managed machine), we configure the SNMP Service: on the Traps and Security tabs, set:

Polling example:

3. Performing trapping:

Outline:

We create an Alert that raises a warning when the memory of WEB is more than 3000 bytes in use.

Choose Alert...

Choose OK.

Trapping example:

Packet capture:

The protocol used to exchange information between the manager and WEB is SNMP.

The port on WEB (the managed machine) is: snmp (161).

Mechanism (sequence diagram in the original):

Manager (192.168.188.3)

WEB (192.168.188.4)

The corresponding MIB parameter in the captured packet can be understood better through MIB Browser:

V. Remarks:

The Performance tool: simple and easy to use. Management relies on the DCERPC protocol on port 139 or 445, which today is a hole that hackers readily exploit to attack.

The SolarWinds tool: more management functions, more professional, user-friendly. Management relies on the SNMP protocol; with version 1 and version 2 it is not secure because the community string is transmitted in cleartext and is easily exploited for attack. SNMP v3 is safer, with authentication (MD5, SHA1) and encryption (56-bit DES, 128-bit AES).

VI. Case study:

Staff in one department can no longer reach the WEB server.

We need to check:

- Check some typical local devices in the department, such as the PCs and the switch, for any local problem -> fix immediately if possible.

- Policy? -> The user may be denied access by the security policy.

- The interface on WEB: is it still up? -> Check the interface MIB parameters listed above -> bring the interface back up.

- The current connections on WEB and whether the system resources can cope -> check the TCP MIB parameters listed above and compare the system-resource figures through the management tool -> upgrade the WEB system's resources or add a load-balancing server.

- A DoS or DDoS attack? -> Check the interface, TCP, ICMP and IP MIB parameters listed above -> identify the attacking IP addresses in order to filter and block them.
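The last three items of this checklist can be answered from the MIB objects listed in section IV.1, which makes them easy to automate. The Python below is an added example (not from the report or SolarWinds) that takes two snapshots of the relevant objects from the WEB server and returns, in checklist order, each condition found together with the action the checklist prescribes. The two snapshots and the 10 s interval are constructed; the thresholds default to the report's own alert values (more than 10 connections, more than 20 Echos per second). The first two checklist items (local devices, security policy) are not MIB-visible and are left to the administrator.

```python
# Constructed MIB snapshots of the WEB server (192.168.188.4 in the report), taken
# 10 s apart. Object names follow the groups listed in section IV.1.
PREV = {"ifOperStatus": 1, "tcpCurrEstab": 8, "tcpMaxConn": -1,
        "icmpInEchos": 1000, "ifInErrors": 3, "ifInDiscards": 0}
CURR = {"ifOperStatus": 1, "tcpCurrEstab": 11, "tcpMaxConn": -1,
        "icmpInEchos": 1800, "ifInErrors": 3, "ifInDiscards": 0}
INTERVAL_S = 10

IF_UP = 1  # ifOperStatus: 1 = up, 2 = down, 3 = testing


def triage(prev, curr, interval_s, max_conn=10, max_echo_per_s=20, max_error_delta=0):
    """Walk the MIB-visible part of the case-study checklist against two snapshots.

    Returns (code, message) pairs in checklist order. The local-device and
    security-policy checks cannot be answered from the MIB and are not included.
    Thresholds default to the report's alert values (10 connections, 20 echo/s)."""
    findings = []

    # interface still up?
    if curr["ifOperStatus"] != IF_UP:
        findings.append(("interface-down", "ifOperStatus is not up: bring the WEB interface back up"))

    # connections versus capacity: tcpMaxConn is -1 when the agent imposes no limit,
    # so fall back to the configured alert threshold in that case
    limit = curr["tcpMaxConn"] if curr["tcpMaxConn"] > 0 else max_conn
    if curr["tcpCurrEstab"] > limit:
        findings.append(("connections",
                         f"tcpCurrEstab={curr['tcpCurrEstab']} exceeds {limit}: add resources or load-balance"))

    # DoS indicator: rate of ICMP Echo requests, with Counter32 wrap tolerated
    echo_rate = ((curr["icmpInEchos"] - prev["icmpInEchos"]) % 2 ** 32) / interval_s
    if echo_rate > max_echo_per_s:
        findings.append(("icmp-flood", f"{echo_rate:.0f} echo/s: inspect source addresses and filter"))

    # link health: new input errors or discards since the previous snapshot
    errs = ((curr["ifInErrors"] - prev["ifInErrors"]) % 2 ** 32
            + (curr["ifInDiscards"] - prev["ifInDiscards"]) % 2 ** 32)
    if errs > max_error_delta:
        findings.append(("link-errors", f"{errs} new input errors/discards: check the link and interface"))

    return findings


if __name__ == "__main__":
    for code, message in triage(PREV, CURR, INTERVAL_S):
        print(f"[{code}] {message}")
```

Run against live snapshots, the function reports the same conditions the trap-service and trap-icmp Alerts would raise, but in one place and with the prescribed action attached; a missing result for a check means that check passed, which is why the caller should also confirm the manual items before closing the ticket.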

LIST OF FIGURES USED IN FAULT MANAGEMENT

Figure 1: Outline of creating a counter log in Windows

Figure 2: Some Counter Logs created for fault management of the WEB machine

Figure 3: An example analysis of the file web-tcp_000001.bgl

Figure 4: Packet capture: couter.pcap

Figure 5: Outline of creating an Alert in Windows

Figure 6: Some Alerts created for fault management on the WEB server (192.168.188.4)

Figure 7: An example of a threshold violation from the trap-service Alert

Figure 8: Packet capture: the file trap.pcap

Figure 9: Outline of setting up polling in SolarWinds

Figure 10: Polling example

Figure 11: Outline of setting up trapping in SolarWinds

Figure 12: Trapping example

Figure 13: Packet capture alert-snmp.pcap

SECURITY MANAGEMENT

I. Introduction to Security Management:

Security management is a very important management function in our network. A system that runs stably with high performance and guaranteed security is always what is wanted. Once a network has been configured, security management is given top priority alongside performance, fault and accounting management.

It detects unauthorised intrusions into the system, takes measures against intrusion, and patches any vulnerability that is discovered. It implements security measures by issuing concrete policies, in order to secure user accounts (Users) as well as the network's resources (Resources).

II. Security Management:

1. Security on Windows Server 2003

Here we have two computers configured as follows:

The Agent machine WEB, configured as Domain Controller for abc.com: IP 192.168.188.4

The NMS (Network Management System) machine with SolarWinds: IP 192.168.188.3

Configuring the password policy for logon: Password Policy

Go to Administrative Tools \ Domain Security Policy -> choose Account Policies -> choose Password Policy

To keep our accounts safe, it is recommended to set passwords according to the following policies:

Enforce password history: 24 passwords remembered

Maximum password age (maximum lifetime of a password): 42 days

Minimum password age: 1 day

Minimum password length: 7 characters

Password must meet complexity requirements: enabled. At least 7 characters, including digits, lower-case letters, upper-case letters and symbols (@, # ...)

Enforcing user authentication: Authentication

Windows Server supports a fairly strong and strict authentication protocol, Kerberos. In the domain abc.com, create a user with username: cuong

With user options such as:

Use DES encryption types for this account

Do not require Kerberos

Account is disabled

Account is trusted for delegation

...

Now we have user cuong log on to domain abc.com. Capturing packets, we obtain the following packets using the Kerberos authentication protocol:

The computer on which user cuong logs on has IP 192.168.188.3

The server for domain abc.com has IP 192.168.188.4

Here we pay attention to the packets using the KRB5 protocol, i.e. the Kerberos v5 authentication protocol (packets 3, 4, 5, 6):

AS: Authentication Server

TGS: Ticket Granting Server

AS REQ: user1 asks the authentication server to authenticate it

AS REP: the server authenticates user1 and issues it an ID with which to ask the TGS for a ticket

TGS REQ: user1 asks the TGS for a ticket so that it can log on to the system

TGS REP: the TGS issues the ticket to user1

Once the ticket is issued, user1 can access the desired services.

Audit Policy

Go to Administrative Tools \ Domain Controller Settings -> Local Policies -> Audit Policy

Configure the audit policies:

Audit account logon events: audit account logons

Audit account management: audit account management

Audit directory service access: audit access to directory services

Audit object access: audit access to objects

Audit policy change: audit policy changes

Audit privilege use: audit the use of privileges

Audit process tracking: audit process tracking

Audit system events: audit system events

Rights Management

Go to Administrative Tools \ Domain Controller Settings -> Local Policies -> User Rights Assignment

Example: we configure the right "Enable computer and user accounts to be trusted for delegation" (trusted access) for user1 as follows:

Add the user or group in the Add User and Group form to grant trusted access to the objects that need this right.

Or deny user1 access through "Deny log on as a service".

And many more security policies can be configured, as follows:

Depending on the operation and requirements of each network, the administrator can configure the appropriate policies.

2. Security management with the SolarWinds v9.2 tool

SolarWinds provides quite a few tools that help with network security management. Some of them are:

SNMP Brute Force Attack

SNMP Dictionary Attack

Port Scanner

Remote TCP Session Reset

Edit Dictionaries

Cisco Router Password Decryption

We now examine some of these tools:

a) SNMP Brute Force Attack

Introduction: SNMP Brute Force Attack is a tool that determines an SNMP community string and whether it is read-only or read-write by trying every possible character and digit. The tool can be customised to try only certain characters or community strings of a fixed length. To use it you must accept the agreement and agree to run it only on networks under your own administration. Although it is an attack tool, administrators also use it to recover lost SNMP community strings.

Demo:

The NMS PC scans to recover the community strings on the Agent PC (IP addresses as shown in the figure)

Configuration:

On the Agent PC: go to Administrative Tools / Computer Management -> Services -> SNMP Service -> Security tab, and configure the two community strings as follows

On the NMS PC: start the SNMP Brute Force Attack application -> choose Settings

General tab: choose the length of the community string (here we choose 5)

Character Set tab: the scan tries all lowercase characters

Start the scan, capturing with Wireshark at the same time

The result is two community strings: ab and cd

Analysis of the tool's operation based on the captured packets

Operating principle: the NMS PC continuously sends Get-request packets, each carrying a string generated from the Custom Character Set we configured. When the string in the Get-request matches the community string, the Agent PC sends a Get-response back to the NMS PC, which confirms the community string.

In the capture below, in packet 133 the NMS PC sends the string ab, which matches a community string of the Agent PC

Immediately the Agent PC sends a Response confirming it, packet 134:

Similarly, for community string cd, packets 449 and 450

After a community string has been found, the tool checks whether it is Read-Only or Read-Write. The NMS PC sends a Set-Request carrying a sysContact value, to see whether the community string has write capability, and then requests sysContact.0 from the Agent PC to see whether the SET succeeded. If the sysContact value cannot be set, the community string is Read-Only; if it can, the community string is Read-Write.

For community string ab, the NMS PC sends the following Set-Request:

And the Agent PC responds as follows:

The sysContact value could not be changed, so ab is a Read-Only community string

For community string cd, doing the same gives the following result:

And the Response packet received is:

It is easy to see that the Set of sysContact (Test 241246) succeeded, so cd is a Read-Write community string

Remarks:

If the community string is complex, finding it is very hard and time-consuming.

Searching for the string by sending Get-requests continuously until one matches can be blocked by a firewall.

It is a tool that hackers can use to obtain community strings, so administrators must be very careful.
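The capture analysis above shows what community guessing looks like on the wire: a stream of Get-requests from one source, each with a different community string, of which only the matching one draws a Get-response, followed by a Set-Request on sysContact to test write access. The following added example (not from the report or from SolarWinds) turns those observations into detection logic that a monitor could run over per-packet summaries: it flags a source that uses many distinct community strings within a short window, flags any set-request from a host that is not an authorised NMS, and reports the share of a host's requests that went unanswered. The packet summaries, the guessing host 192.168.188.10 and the thresholds are constructed for the example; the NMS and Agent addresses are the ones used in the demo.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

NMS = "192.168.188.3"       # the authorised NMS from the demo
AGENT = "192.168.188.4"     # the agent PC from the demo
GUESSER = "192.168.188.10"  # constructed: a host guessing community strings


@dataclass
class SnmpPacket:
    """Per-packet summary as a capture tool would present it (constructed)."""
    ts: float        # seconds since start of capture
    src: str
    dst: str
    pdu: str         # "get-request", "set-request" or "get-response"
    community: str


def build_sample() -> List[SnmpPacket]:
    """Constructed capture: normal polling by the NMS, then sequential guesses
    from GUESSER of which only 'ab' is answered, then a write test on sysContact."""
    pkts: List[SnmpPacket] = []
    for i in range(3):
        t = 10.0 + 30 * i
        pkts.append(SnmpPacket(t, NMS, AGENT, "get-request", "public"))
        pkts.append(SnmpPacket(t + 0.01, AGENT, NMS, "get-response", "public"))
    guesses = ["aa", "ab", "ac", "ad", "ae", "af", "ag", "ah", "ai", "aj", "ak", "al"]
    for i, guess in enumerate(guesses):
        t = 20.0 + 0.1 * i
        pkts.append(SnmpPacket(t, GUESSER, AGENT, "get-request", guess))
        if guess == "ab":   # only the real community string draws a response
            pkts.append(SnmpPacket(t + 0.01, AGENT, GUESSER, "get-response", guess))
    pkts.append(SnmpPacket(22.0, GUESSER, AGENT, "set-request", "ab"))
    return pkts


def detect(packets: List[SnmpPacket], window: float = 60.0, max_distinct: int = 10,
           authorized: FrozenSet[str] = frozenset({NMS})) -> List[Tuple]:
    """Return alerts: ('community-guessing', src, n_distinct) when one source
    uses max_distinct or more community strings within `window` seconds, and
    ('unauthorized-set', src, community) for a set-request from any other host."""
    alerts: List[Tuple] = []
    recent: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    flagged = set()
    for p in sorted(packets, key=lambda q: q.ts):
        if p.pdu == "set-request" and p.src not in authorized:
            alerts.append(("unauthorized-set", p.src, p.community))
        if not p.pdu.endswith("-request"):
            continue
        hist = recent[p.src]
        hist.append((p.ts, p.community))
        while hist and p.ts - hist[0][0] > window:   # slide the window forward
            hist.pop(0)
        distinct = {c for _, c in hist}
        if len(distinct) >= max_distinct and p.src not in flagged:
            flagged.add(p.src)
            alerts.append(("community-guessing", p.src, len(distinct)))
    return alerts


def unanswered_ratio(packets: List[SnmpPacket], src: str) -> float:
    """Share of a host's requests that drew no response: close to 1.0 for a
    guessing host, close to 0.0 for a legitimate NMS using the right string."""
    requests = sum(1 for p in packets if p.src == src and p.pdu.endswith("-request"))
    responses = sum(1 for p in packets if p.dst == src and p.pdu == "get-response")
    if requests == 0:
        return 0.0
    return max(0.0, (requests - responses) / requests)


if __name__ == "__main__":
    sample = build_sample()
    for alert in detect(sample):
        print(alert)
    print("unanswered ratio of guesser:", round(unanswered_ratio(sample, GUESSER), 2))
```

The two signals complement each other: the distinct-community count catches the guessing phase regardless of whether the agent ever answers, and the set-request rule catches the read-write test even from a host that guessed the string in a single attempt.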

b) Port Scanner

Introduction: a tool that remotely discovers the state of the ports on one IP address or on a list of IP addresses. The scanning process is described simply as follows:

Port Scanner is a SolarWinds tool, but it does not use the SNMP protocol.

The captured packets are as follows:

Remarks:

The tool does not use SNMP, but it is very useful for administrators, who can easily see which ports are open in their network, which ports are suspicious and which ports a hacker could exploit, and take timely measures to block them.

However, this tool only collects information; the administrator cannot disable a port remotely or change its state (from Up to Down or vice versa).

In addition, SolarWinds provides other security tools such as:

SNMP Dictionary Attack: like SNMP Brute Force Attack, it is used to find community strings, but by the dictionary method: a library of strings that could be community strings is created, then the scan compares each with the target; a match means that string is the community string. Whether the scan succeeds depends entirely on the library you create.

Remote TCP Session Reset: lets the administrator display all active sessions on terminal servers, routers, dial-up servers or access servers, and easily reset any session.

c) Introduction to Microsoft Baseline Security Analyzer (MBSA)

MBSA helps administrators analyse the security state of Windows servers, and even provides useful information and advice for ordinary computer users. It is a free security monitoring and analysis tool from Microsoft. Its interface is as follows:

The program can scan in two modes: scan a single computer or scan multiple computers.

We now perform a scan: the NMS PC, with MBSA installed, scans the Agent PC

Set the parameters as follows:

Check for Windows administrative vulnerabilities

Check for weak passwords

Check for IIS administrative vulnerabilities

Check for SQL administrative vulnerabilities

Check for security updates

Start scan -> result as follows:

The weak password scan gives the following result

Two accounts use passwords that never expire: Administrator and Guest

Administrative Vulnerabilities

Internet Information Services (IIS) Scan Results

SQL Server Scan Results

After the scan, the result contains the security-related parameters shown above. From the warnings the program raises, the administrator can recognise and promptly fix problems, as well as set more secure policies.

Remarks: Microsoft released this tool to supplement the areas where the built-in Windows tools are limited. It helps the administrator proactively collect information related to accounts, passwords, and so on.

III. Summary:

Security Management is an extremely important management function in a network. It requires the administrator to closely monitor network activity, analyse suspicious behaviour and set policies that ensure good security.

Windows has built-in utilities that support the security management function for the network administrator. The Domain Controller is an important application for security management; it requires appropriate policies as well as serious compliance by the users.

The SolarWinds tool, a dedicated network management tool, has some more advanced features. SolarWinds' main purpose is to manage two functions, performance and fault, quite thoroughly. In the security aspect, SolarWinds helps the administrator collect port information within the organisation, as well as recover community strings.

For Security Management, management does not involve many MIB parameters; the following MIB parameters can be examined:

sysContact: textual identification of the contact person for this managed node, together with information on how to contact them

sysObjectID: the vendor's authoritative identification of the network management subsystem contained in the entity. The value is allocated within the SMI enterprises subtree (1.3.6.1.4.1). For example, if the vendor Flintstones, Inc. were assigned the subtree 1.3.6.1.4.1.4242, it could assign 1.3.6.1.4.1.4242.1.1 to identify its Red Router

ipDefaultTTL: the time to live of an IP packet. If the TTL is large and a packet cannot reach its destination, the packet loops in the network; if many packets loop, the network slows down. A hacker can exploit this weakness by sending many looping packets to congest the network

ACCOUNTING MANAGEMENT

I. MIB set used for Accounting management:

System MIB

- sysName (1.3.6.1.2.1.1.5): name of the system

- sysDescr (1.3.6.1.2.1.1.1): description of the system

- sysContact (1.3.6.1.2.1.1.4): contact name for the system

- sysObjectID (1.3.6.1.2.1.1.2): ID of the system

- sysLocation (1.3.6.1.2.1.1.6): location of the system

- sysUpTime (1.3.6.1.2.1.1.3): time since the management system was last re-initialised

- sysServices (1.3.6.1.2.1.1.7): set of values indicating the services this system can provide

- sysORLastChange (1.3.6.1.2.1.1.8): the value of sysUpTime at the most recent change in state or value of any instance of sysORID

- sysORTable (1.3.6.1.2.1.1.9):

- sysOREntry (1.3.6.1.2.1.1.9.1): an entry (conceptual row) in sysORTable

- sysORIndex (1.3.6.1.2.1.1.9.1.1): auxiliary variable used to identify instances of the columnar objects in sysORTable

- sysORID (1.3.6.1.2.1.1.9.1.2): an authoritative identification of a capabilities statement with respect to the MIB modules supported by the local SNMPv2 entity acting in an agent role.

- sysORDescr (1.3.6.1.2.1.1.9.1.3): a textual description of the capabilities identified by the corresponding instance of sysORID

- sysORUpTime (1.3.6.1.2.1.1.9.1.4): the value of sysUpTime at the time this conceptual row was last instantiated

II. Case study:

- From the NMS machine, retrieve information about the accounts currently on an agent machine.

Specifically, from NMS 192.168.188.3 retrieve the accounts currently on Agent 192.168.188.4

Procedure:

- Use the IP Network Browser of the SolarWinds toolset to start the survey

Figure 1: Setup on the NMS machine for the survey

Enter the agent's address 192.168.188.4. Run Scan Device with community public. Open Wireshark to capture the packets for analysis.

Figure 2: Information in the packets captured during the procedure

Looking at Figure 2, initially:

- The NMS pings the agent to check whether the address to be scanned exists. Then comes the agent's reply.

Figure 3: The NMS's request packet for sysObjectID.0

- Next, the NMS retrieves sysObjectID.0, sysName.0 and sysDescr.0

Analysing these packets in detail, based on the parameters Wireshark captured, lets us understand the NMS's management process.

Figure 4: Parameters of the get-request packet for sysObjectID.0

Figure 4 shows the information contained in the get-request packet sent from the NMS.

- Here the get operation of SNMP appears: get is sent from the NMS as a request to the agent. The agent receives the request and processes it as best it can. If a device is overloaded, for example a router, it cannot answer the request and drops it. If the agent gathers the information needed for the request, it sends the NMS a get-response.

- In this packet we look at the variable-binding field. This field contains a list of the MIB objects the NMS wants to retrieve from the agent. The agent interprets the query as OID=value in order to find the answer. In Figure 4 there is one piece of information the NMS wants, specifically the MIB object sysObjectID.

- The OID 1.3.6.1.2.1.1.2.0 has the following meaning:

* 1.3.6.1.2.1.1 is the Object Identifier pointing to the system group in the MIB.

Specifically:

1: ISO-assigned OIDs

1.3: ISO identified organization

1.3.6: US Department of Defense

1.3.6.1: Internet (OID assignments under 1.3.6.1)

1.3.6.1.2: IETF management

1.3.6.1.2.1: SNMP MIB-2

1.3.6.1.2.1.1: system group

Next, .2 points to the second field in the system group, sysObjectID

.0 is the instance index of a scalar object in the system group; table rows are numbered from 1 upwards.

Figure 5: The agent's get-response packet for sysObjectID.0

Looking at the variable-binding field of the packet, we identify its main information. When the NMS asks for the agent's sysObjectID (1.3.6.1.2.1.1.2.0), the agent looks up the MIB parameter in its table and answers 1.3.6.1.4.1.311.1.1.3.1.3, which is the agent's Object Identifier. Looking it up in Microsoft's MSFT-MIB:

Figure 6: Microsoft's MSFT-MIB table

From the table, the agent's answer 1.3.6.1.4.1.311.1.1.3.1.3 means the agent's ObjectID is: dc.

Similar analysis applies to the sysName.0 and sysDescr.0 packets

Figure 7: get-request packet for sysName.0

With OID 1.3.6.1.2.1.1.5.0 the NMS requests the MIB parameter in the system group whose fifth field is sysName.

Figure 8: The agent's get-response packet for sysName.0

The agent's answer to the NMS when asked for the machine name is: WEB (underlined last line)

Figure 9: get-request packet for sysDescr.0

With OID 1.3.6.1.2.1.1.1.0 the NMS requests the MIB parameter in the system group whose first field is sysDescr.

Figure 10: The agent's get-response packet for sysDescr

The agent's answer to the NMS when asked about the machine's configuration is: Hardware (underlined last line)

Next we examine the packets that carry information about the accounts on the agent. In Wireshark we captured the following packets containing account information:

Figure 11: Packets containing account information

The NMS proceeds as follows:

Step 1: The NMS uses getnext to ask for the accounts on the agent.

- Here the NMS uses getnext, which differs from the get used above. get-next issues a sequence of commands to retrieve information from a group in the MIB. The agent answers each object in the get-next query in turn, just as for get, until the objects in the sequence are exhausted.

- Here we examine the first packet the NMS sends to the agent when requesting information about the accounts on the agent.

Figure 12: The NMS's first getnext-request packet

The variable-binding field contains one request, with OID 1.3.6.1.4.1.77.1.2.25.1.1. Compare with the LanMgr-MIB table

Figure 13: LanMgr-MIB (more can be found here)

Looking at the underlined line, the OID of this packet requests the account information in the svUserName branch of the svUserTable table in the sv group. This OID can be broken down as follows: 1.3.6.1.4.1.77.1/.2.25.1.1 corresponds to iso.org.dod.internet.private.enterprises.lanmanager.lanmgr-2/.server.svUserTable.svUserEntry.svUserName. Since this is a request packet, its value is null.

Figure 14: The agent's getnext-response packet

On receiving the request from the NMS, the agent looks up its MIB table and returns the nearest value it has; in the figure: value (Octet String): 47775657374, i.e. the account Guest (last line). In detail:

- On receiving the request with OID 1.3.6.1.4.1.77.1.2.25.1.1, the agent goes into the svUserName branch of svUserTable in the sv group, records the parameters and answers the NMS. The answer to the NMS has OID 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116; the agent sends the NMS the first account as 5.71.117.101.115.116, and decoding these octets gives the account Guest.

Having received the answer about the first account in the svUserName branch, the NMS continues with the next request, seen in Wireshark as follows:

Figure 15: The NMS's second getnext-request packet

From the packet's parameters, the NMS uses the getnext-request operation. The packet's OID is 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116, meaning the NMS asks the agent to send the parameters of the account following the Guest account just received. As it is a request packet, its value is null.

Figure 16: The agent's reply on receiving the second getnext-request

On receiving the NMS's request for the account after Guest, the agent looks up its MIB table and returns the value after Guest; in the figure: value (Octet String): 6B7262746774, i.e. the account krbtgt (last line). In detail:

- On receiving the request with OID 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116, the agent goes into the svUserName branch of svUserTable in the sv group, takes the entry following Guest, records the parameters and answers the NMS. The answer has OID 1.3.6.1.4.1.77.1.2.25.1.1.6.107.114.98.116.103.116; the agent sends the NMS the next account as 6.107.114.98.116.103.116, and decoding these octets gives the account krbtgt (the account of the Kerberos key distribution service).

In the same way the NMS receives the next accounts on the agent:

Figure 17: The agent's reply for the IUSR_WEB account

IUSR_WEB (the special account used for anonymous access in IIS) has value (Octet String): 49555352F574542, i.e. the account IUSR_WEB

Figure 18: The agent's reply for the IWAM_WEB account

IWAM_WEB (the account IIS uses to start application processes on the IIS machine) has value (Octet String): 4957414D5F574542, i.e. the account IWAM_WEB

Figure 19: The agent's reply for the Administrator account

Administrator (the special account with full rights on the machine) has value (Octet String): 41646D696873747261746F72, i.e. the account Administrator.

Figure 20: The agent's reply for the SUPPORT_388945a0 account

SUPPORT_388945a0 (the account used by support services) has value (Octet String): 535550504F33383934356130, i.e. the account SUPPORT_388945a0

At this point, when the NMS sends a getnext-request asking for the account after SUPPORT_388945a0, the agent replies as follows:

Figure 21: Reply to the getnext-request after SUPPORT_388945a0

On receiving the NMS's next request, the agent continues down the svUserName column, but there are no more accounts, so its reply to the NMS moves on to a different object, svShareNumber (OID 1.3.6.1.4.1.77.1.2.26). All the accounts the NMS asked for have thus been returned; the value is now of type Integer32 (3), i.e. an integer rather than an account name, so there are no more account values.
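The walk above, and the remark at the end of this case study that IP Network Browser simply repeats Get/Getnext, can be reproduced with a small in-memory model of the agent's MIB. The following is an added example, not code from the report or from SolarWinds: it encodes and decodes the length-prefixed svUserName index (5.71.117.101.115.116 = Guest), implements get-next as "the first OID that sorts after the requested one", and walks the column until the reply leaves the svUserName subtree, exactly the termination condition observed when the agent moved on to svShareNumber. The account names are the ones from the capture; the .0 instance of svShareNumber and its value 3 are taken from the reply described above, and the MIB contents are otherwise constructed. Because OIDs compare sub-identifier by sub-identifier and the index starts with the name's length, the walk returns Guest (5), krbtgt (6), IUSR_WEB and IWAM_WEB (8), Administrator (13) and SUPPORT_388945a0 (16) in that order, which is the order seen in Figures 14 to 20 and is not alphabetical.

```python
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]

# ...lanmgr-2.server.svUserTable.svUserEntry.svUserName (from the capture above)
SV_USER_NAME: OID = (1, 3, 6, 1, 4, 1, 77, 1, 2, 25, 1, 1)
# svShareNumber, the object the agent moved on to once the table was exhausted;
# the .0 instance and the value 3 are taken from the reply described above
SV_SHARE_NUMBER: OID = (1, 3, 6, 1, 4, 1, 77, 1, 2, 26, 0)


def parse_oid(text: str) -> OID:
    return tuple(int(part) for part in text.strip(".").split("."))


def format_oid(oid: OID) -> str:
    return ".".join(str(part) for part in oid)


def encode_index(name: str) -> OID:
    """svUserName indexes its own row: a length sub-identifier followed by one
    sub-identifier per ASCII octet of the name (5.71.117.101.115.116 = Guest)."""
    octets = name.encode("ascii")
    return (len(octets),) + tuple(octets)


def decode_index(suffix: OID) -> str:
    """Inverse of encode_index; the leading length must match the octet count."""
    if not suffix or suffix[0] != len(suffix) - 1:
        raise ValueError("malformed length-prefixed index: %s" % format_oid(suffix))
    return bytes(suffix[1:]).decode("ascii")


def build_agent(user_names: List[str], share_count: int) -> Dict[OID, object]:
    """In-memory stand-in for the agent's MIB: one svUserName instance per
    account plus the scalar that follows the table (constructed)."""
    mib: Dict[OID, object] = {SV_USER_NAME + encode_index(u): u for u in user_names}
    mib[SV_SHARE_NUMBER] = share_count
    return mib


def get_next(mib: Dict[OID, object], oid: OID) -> Optional[Tuple[OID, object]]:
    """get-next semantics: the first instance whose OID sorts after `oid`
    (tuple comparison gives lexicographic OID order); None means end of MIB."""
    for candidate in sorted(mib):
        if candidate > oid:
            return candidate, mib[candidate]
    return None


def walk_users(mib: Dict[OID, object]) -> List[Tuple[str, str]]:
    """Repeat get-next from the column OID, as IP Network Browser does, until
    the reply leaves the svUserName subtree; returns (oid, account) pairs."""
    found: List[Tuple[str, str]] = []
    oid = SV_USER_NAME
    while True:
        reply = get_next(mib, oid)
        if reply is None:
            break
        oid, value = reply
        if oid[:len(SV_USER_NAME)] != SV_USER_NAME:
            break     # e.g. svShareNumber: the table is exhausted
        found.append((format_oid(oid), decode_index(oid[len(SV_USER_NAME):])))
    return found


if __name__ == "__main__":
    agent = build_agent(["Administrator", "Guest", "IUSR_WEB", "IWAM_WEB",
                         "SUPPORT_388945a0", "krbtgt"], 3)
    for oid_text, account in walk_users(agent):
        print(oid_text, "->", account)
```

The same subtree check is what a monitor needs when deciding that an SNMP walk against an agent has enumerated the whole account table: once a get-next reply carries an OID outside svUserName, the requester has the complete list.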

To verify the above process, IP Network Browser gives the following result:

Figure 22: Account information of the agent machine checked through IP Network Browser

Compared with the agent machine's own settings:

Figure 23: The accounts on the agent machine

Remark: to retrieve the accounts on the agent machine, IP Network Browser uses the machine's community string together with the Get and Getnext operations to retrieve all the information in the agent's MIB table and return it to the NMS.

CONFIGURATION MANAGEMENT

I. Management model:

II. The network management tool: SolarWinds Orion Network Configuration Management (NCM)

1. Step 1: Installation

+ SQL Server 2005 Express

+ Orion NCM

2. Step 2: Create the database in SQL to record the management information:

3. Step 3: Discover and import the managed devices:

4. Step 4: View and set the initial baseline parameters

Installed Software:

Running Software:

System MIBs:

sysDescr: a textual description of the managed entity. This value usually includes the full name and version of the system's hardware type, operating system and networking software.

sysObjectID: identifier of the managed entity

sysContact: contact name of the person managing this node

sysUpTime: time since the system was started or re-initialised

sysLocation: physical location of the managed node

sysServices: the set of services the node offers

Interface MIBs:

Performance management:

ifMtu: the size of the largest packet that can be sent or received on this interface, in octets.

ifSpeed: the current bandwidth of the interface in bit/s. For interfaces whose bandwidth does not change, or where no accurate estimate can be made, this is the nominal bandwidth. If the bandwidth is larger than the maximum value this object can represent (4,294,967,295), the variable ifHighSpeed is used to report the interface speed. For sub-layers that have no concept of speed, the value is 0.

ifOperStatus: the current operational state of the interface; it matches ifAdminStatus as up if the interface is ready to transmit and receive traffic or is waiting for an external action (for example, waiting for an incoming connection), and is down when a fault has occurred.

ifInUcastPkts: total number of unicast packets delivered by the lower layer to its higher layer

ifInNUcastPkts: total number of packets delivered by the lower layer to the higher layer that were addressed to a multicast or broadcast address at the lower layer.

ifOutOctets: number of octets transmitted out of the interface

ifOutUcastPkts: number of unicast packets transmitted out of the interface

ifOutNUcastPkts: number of non-unicast packets transmitted out of the interface

Fault management:

ifInErrors: for packet-oriented interfaces, the number of inbound packets that contained errors; for character-oriented interfaces, the number of inbound transmission units that contained errors, preventing them from being delivered to a higher-layer protocol.

ifOutErrors: number of outbound packets with errors

ifInUnknownProtos: number of packets received via the interface that were discarded because of an unknown or unsupported protocol.

ifInDiscards: number of inbound packets discarded

ifOutDiscards: number of outbound packets discarded

ifLastChange: the last time the interface changed state

ifOutQLen: length of the output packet queue
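Two details in the ifSpeed and ifOutOctets definitions above decide whether an interface utilization figure is trustworthy: ifSpeed saturates at 4,294,967,295 and ifHighSpeed must be used beyond that, and octet counters wrap, so a naive subtraction between polls goes negative. The following added example (not code from the report, from SolarWinds or from Windows) computes one-directional utilization from two polls of ifOutOctets and sysUpTime, handles both points, and flags intervals above a limit, which is the "utilization consistently high" condition the case study later in this section relies on. The sample poll values and the 50 percent limit are constructed for the example.

```python
from typing import List, Optional, Tuple

COUNTER32_MODULUS = 2 ** 32            # Counter32 and TimeTicks wrap at 2^32
IFSPEED_CEILING = 4_294_967_295        # largest value ifSpeed can report


def interface_speed_bps(if_speed: int, if_high_speed: int) -> int:
    """Effective speed in bit/s: ifSpeed normally, ifHighSpeed (in Mbit/s)
    when ifSpeed is pinned at its ceiling. 0 means the sub-layer has no speed."""
    if if_speed == IFSPEED_CEILING:
        return if_high_speed * 1_000_000
    return if_speed


def counter_delta(prev: int, cur: int, modulus: int = COUNTER32_MODULUS) -> int:
    """Increase between two polls of a wrapping counter (at most one wrap)."""
    return (cur - prev) % modulus


def utilization_pct(prev_octets: int, cur_octets: int,
                    prev_ticks: int, cur_ticks: int, speed_bps: int) -> Optional[float]:
    """Percentage of link capacity used in one direction between two polls.
    prev_ticks/cur_ticks are sysUpTime values (hundredths of a second).
    None when the interval or the speed is unusable."""
    seconds = counter_delta(prev_ticks, cur_ticks) / 100.0
    if seconds <= 0 or speed_bps <= 0:
        return None
    bits = counter_delta(prev_octets, cur_octets) * 8
    return 100.0 * bits / (seconds * speed_bps)


def over_threshold(samples: List[Tuple[int, int]], speed_bps: int,
                   limit_pct: float) -> List[int]:
    """samples: [(sysUpTime, ifOutOctets), ...] in poll order (constructed).
    Returns the indexes of the intervals whose utilization exceeds limit_pct."""
    hot: List[int] = []
    for i in range(1, len(samples)):
        (t0, o0), (t1, o1) = samples[i - 1], samples[i]
        u = utilization_pct(o0, o1, t0, t1, speed_bps)
        if u is not None and u > limit_pct:
            hot.append(i)
    return hot


if __name__ == "__main__":
    speed = interface_speed_bps(100_000_000, 100)          # a 100 Mbit/s link
    polls = [(0, 0), (6000, 75_000_000), (12000, 150_000_000), (18000, 750_000_000)]
    print("intervals above 50%:", over_threshold(polls, speed, 50.0))
    print("wrapped delta:", counter_delta(4_294_967_000, 200))
```

Polling more often than the counter can wrap (at 100 Mbit/s a Counter32 of octets wraps in under six minutes) is what makes the single-wrap assumption in counter_delta safe; on faster links the 64-bit ifHCOutOctets counter should be used instead.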

Route Table:

ipRouteDest: destination of the route

ipRouteIfIndex: interface index of the route

ipRouteMetric: metric of the route; -1 if not set

ipRouteNextHop: next hop on the path

ipRouteType: type of route (direct, indirect)

ipRouteProto: routing protocol

ipRouteAge: age of the route

ipRouteMask: subnet mask for the IP address

IP MIBs:

Performance management:

ipInReceives.0: total number of packets received on this interface, including those received in error.

ipInDelivers.0: number of received packets delivered to the upper layer

ipOutRequests.0: number of datagrams the upper layer requested IP to transmit

ipReasmTimeout.0: maximum time (in seconds) that received fragments are held while awaiting reassembly.

ipReasmReqds.0: number of IP fragments received that needed to be reassembled.

ipReasmOKs.0: number of IP datagrams successfully reassembled. Since no packet was fragmented, this field is 0.

ipReasmFails.0: number of failures detected by the IP reassembly algorithm.

ipFragOKs.0: number of IP datagrams successfully fragmented.

ipFragFails.0: number of IP datagrams discarded because they could not be fragmented.

ipFragCreates.0: number of IP datagram fragments generated by fragmentation.

Fault management:

ipInHdrErrors.0: errors in the header

ipInAddrErrors.0: errors in the address

ipForwDatagrams.0: number of datagrams forwarded

ipInUnknownProtos.0: total number of received packets discarded because of an unknown or unsupported protocol.

ipOutNoRoutes.0: number of outbound packets with no route

ipInDiscards.0: number of input IP datagrams for which no problem was encountered to prevent their continued processing, but which were discarded for other reasons (for example, lack of buffer space).

ipInDelivers.0: total number of input datagrams successfully delivered to IP user protocols (including ICMP).

ipOutDiscards.0: number of output IP datagrams for which no problem was encountered to prevent their transmission, but which were discarded for other reasons (for example, lack of buffer space).

ipOutNoRoutes.0: number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this includes any packets a host cannot route because all of its default routers are down.

TCP MIBs:

Performance management:

tcpActiveOpens: number of times TCP connections made a direct transition to the SYN-SENT state from the CLOSED state

tcpPassiveOpens: number of times TCP connections made a direct transition to the SYN-RCVD state from the LISTEN state

tcpAttemptFails: number of failed connection attempts

tcpEstabResets: number of resets that occurred

tcpCurrEstab: number of connections whose current state is ESTABLISHED or CLOSE-WAIT

tcpInSegs: total number of segments received

tcpOutSegs: total number of segments sent

tcpRetransSegs: total number of segments retransmitted

tcpOutRsts: total number of RST segments sent

Fault management:

tcpAttemptFails: number of failed connection attempts

tcpEstabResets: number of resets that occurred

tcpRetransSegs: total number of segments retransmitted

tcpInErrs: total number of segments received in error

tcpRtoAlgorithm: the algorithm used to determine the timeout value for retransmitting unacknowledged octets

tcpRtoMin: the minimum retransmission timeout value permitted by the TCP implementation

tcpRtoMax: the maximum retransmission timeout value permitted by the TCP implementation

tcpMaxConn: maximum number of TCP connections

tcpConnState: state of the connection

UDP MIBs:

Performance management:

udpInDatagrams: total number of UDP datagrams delivered to UDP users

udpNoPorts: total number of received UDP datagrams for which there was no application at the destination port

udpInErrors: number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port

udpOutDatagrams: total number of UDP datagrams sent from this entity.

ICMP MIBs:

Performance management

icmpInMsgs: total number of ICMP messages received

icmpInErrors: number of ICMP messages received that contained errors

icmpInDestUnreachs: number of ICMP Destination Unreachable messages received

icmpInTimeExcds: number of ICMP Time Exceeded messages received

icmpInParmProbs: number of ICMP Parameter Problem messages received

icmpInSrcQuenchs: number of ICMP Source Quench messages received

icmpInRedirects: number of ICMP Redirect messages received

icmpInEchos: number of ICMP Echo Request messages received

icmpInEchoReps: number of ICMP Echo Reply messages received

icmpInTimestamps: number of ICMP Timestamp Request messages received

icmpInTimestampReps: number of ICMP Timestamp Reply messages received

icmpInAddrMasks: number of ICMP Address Mask Request messages received

icmpInAddrMaskReps: number of ICMP Address Mask Reply messages received

icmpOutMsgs: total number of ICMP messages this entity attempted to send

icmpOutErrors: number of ICMP messages this entity did not send due to problems

icmpOutDestUnreachs: number of ICMP Destination Unreachable messages sent

icmpOutTimeExcds: number of ICMP Time Exceeded messages sent

icmpOutParmProbs: number of ICMP Parameter Problem messages sent

icmpOutSrcQuenchs: number of ICMP Source Quench messages sent

icmpOutRedirects: number of ICMP Redirect messages sent

icmpOutEchos: number of ICMP Echo Request messages sent

icmpOutEchoReps: number of ICMP Echo Reply messages sent

icmpOutAddrMasks: number of ICMP Address Mask Request messages sent

icmpOutAddrMaskReps: number of ICMP Address Mask Reply messages sent

Fault management:

icmpOutMsgs: total number of ICMP messages this entity attempted to send

icmpOutErrors: number of ICMP messages this entity did not send due to problems

icmpInRedirects: number of ICMP Redirect messages received

SNMP MIBs:

Performance management:

snmpIn/OutTotalReqVars: number of MIB objects successfully retrieved as the result of receiving valid get-request and get-next PDUs / generated

snmpIn/OutGetRequests: number of get-request PDUs accepted and processed / generated

snmpIn/OutGetNexts: number of get-next PDUs accepted and processed / generated

snmpIn/OutGetResponses: number of get-response PDUs accepted and processed / generated

Fault management:

snmpIn/OutTooBigs: number of SNMP PDUs delivered to / generated by the SNMP protocol entity whose error-status field is tooBig.

snmpIn/OutNoSuchNames: number of SNMP PDUs delivered to / generated by the SNMP protocol entity whose error-status field is noSuchName.

snmpIn/OutBadValues: number of SNMP PDUs delivered to / generated by the SNMP protocol entity whose error-status field is badValue.

snmpIn/OutGenErrs: number of SNMP PDUs delivered to / generated by the SNMP protocol entity whose error-status field is genErr.

5. Setting up the Event Log:

The Event Log stores detailed records of events, which helps in tracking and troubleshooting anomalies.

NCM provides a very convenient function for tracking and updating configuration information: download config. With this function the admin can download the configuration from the device and compare it with the established baseline values or with previously downloaded configurations, or simply back it up.

However, this function did not work normally: an error always occurred and it could not automatically download any of the required information from the managed device. The tracking and update functions based on syslog therefore could not work either. All changes to configuration information are consequently tracked manually, based on the MIB parameters and on real-time monitoring together with CPU load.

6. Real-time monitoring of the device's baseline values:

CPU load:

III. Case Study:

Web access demand, from outside as well as inside, keeps growing, and the web server is becoming overloaded. The proposed measure for keeping the network stable is to add a second web server to the system.

IV. Filling in the configuration change request and analysing the related security impact

CONFIGURATION CHANGE REQUEST

WEBSERVER SYSTEM

Source:

Requester: V Th Hong Yn

Position: Administrator

Phone: 0932068802

Organisation: Posts and Telecommunications Institute of Technology

Description of the problem: the web server is at risk of overload because the number of visitors to the company website keeps rising.

Proposed solution: add a second web server to the system.

Urgency: Medium

Analysis file:

Current system activity:

The CPU is continuously running at close to maximum

TCP traffic volume has increased significantly

IP traffic volume has increased significantly

Traffic through the interface has increased significantly

Utilization is consistently at a high level

Test after adding a second web server:

The system returned to normal operation at the previously defined baseline, which shows that the server was overloaded rather than under a DoS attack.

Incurred costs:

Server installation cost: $2000

Operating cost: $500

Management cost: $500

Maintenance cost: $500

Training cost: $100

Accompanying analysis parameters:

IP:

TCP:

If:

CPU:

Utilization:

CONCLUSION

In this report we have studied most of the main functions of two network management tools: Performance on Windows Server 2003 and SolarWinds. The Performance tool is simple and intended for non-professional administrators, while SolarWinds is a commercial (expensive) tool used by both non-professional and professional administrators. In more detail, we drew the following conclusions:

Windows' RPC mechanism, supported by TCP, allows information to be exchanged reliably. The entire Data portion of RPC is encrypted. However, the drawback is that RPC requires the service to be running on the machines: if RPC is not running, the Windows tools (applications such as Performance) do not work either.

From a security standpoint, allowing RPC is not safe. If it is not well controlled, a hacker can attack the network through RPC. In addition, the Windows tool relies on authentication of Windows accounts, which makes remote management difficult (especially across a WAN).

The SolarWinds tool operates on traditional SNMP over UDP packets. It is therefore independent of the RPC remote invocation mechanism, and its operation is safer than the Windows tool, especially in a WAN environment. But the information is transmitted in plain text, including the community string, which violates data confidentiality.

Comparison table:

PERFORMANCE | SOLARWINDS

Simple, provides little information | Very detailed, provides much information

Complex to manage: requires a Windows account and adjusting some configuration parameters | Simple to use, operates over the SNMP protocol

For non-professional administrators | For professional administrators

Mainly used to collect information | Allows both get and set

Free (built into Windows from version 2000 onwards) | High cost


[Embedded diagrams; only their labels survive: the Performance tool's RPC exchange (DCE RPC Request, DCE RPC Response, ACK); the alert flow (set the threshold value, check whether the value exceeds the threshold, send a notification); the SolarWinds SNMP exchange (get-request, get-response).]