Posts and Telecommunications Institute of Technology, Ho Chi Minh City Campus
Network Management Course Project
A STUDY AND DEPLOYMENT OF NETWORK MANAGEMENT TOOLS
(Using the Performance tool in Win2k3 and SolarWinds)
Student group:
1. Trng nh Hong
2. Nguyn Duy Cng
3. Nguyn Th Thanh Minh
4. Nguyn Th Thanh Tho
5. V Thanh Tho
6. V Th Hong Yn
TASK ASSIGNMENT
1. Trng nh Hong: Accounting management
2. Nguyn Duy Cng: Security management
3. Nguyn Th Thanh Minh: Performance management in Win2k3
4. Nguyn Th Thanh Tho: Fault management
5. V Thanh Tho: Performance management in SolarWinds
6. V Th Hong Yn: Configuration management
TABLE OF CONTENTS
Performance management in Win2k3
I. Objectives
II. Performance management tools in Win2k3
1. System Monitor
2. Counter Logs
3. Forms of presenting monitoring results
4. Alerts
5. Trace Logs
III. Case study
IV. Conclusion
Performance management in SolarWinds
I. Related MIB parameters
a. Interfaces
b. IP
c. TCP
d. ICMP
e. UDP
II. The MIB management groups and related objects
a. MIB Viewer
b. MIB-walk
c. Update System MIB
d. SNMP MIB Browser
III. System monitoring (polling & trapping)
IV. Conclusion
V. Case study
Fault management
I. Objectives
II. Introduction
III. Fault management in Win2k3 with the Performance tool
1. Polling
2. Trapping
IV. Fault management with Network Performance Monitor in SolarWinds
1. Parameters of interest for fault management
2. Polling
3. Trapping
V. Remarks
VI. Case study
Security management
I. Introduction to Security Management
II. Security Management
1. Security on Windows Server 2k3
2. Security management with the SolarWinds tool
a. SNMP Brute Force Attack
b. Port Scanner
c. Introduction to Microsoft Baseline Security Analyzer
III. Summary
Accounting management
I. MIB set used for Accounting management
II. Case study
Configuration management
I. Management model
II. The SolarWinds Orion Network Configuration Management tool
1. Installation
2. Creating the database
3. Discovering and importing managed devices
4. Viewing and setting the initial baseline parameters
5. Setting up the Event Log
6. Monitoring
III. Case study
IV. Writing a configuration change request and analyzing the security-related impacts
Summary and overall evaluation of the two management tools
References
PERFORMANCE MANAGEMENT IN WIN 2K3
I. Objectives:
Study and exploit the functions available in the Performance tool of Win2k3.
Build a case study on performance management using the Performance tool in Win2k3.
Comment on and evaluate the Performance tool in Win2k3.
II. The Performance management tool on Windows:
It is a tool built into the Windows operating systems (from Windows 2000 on) that lets us manage the local machine or remote machines.
To use this program, go to: Start -> Control Panel -> Administrative Tools -> Performance
The program has these main function groups:
* System Monitor: from here we can monitor the activity of Memory, PhysicalDisk, Processor, etc.
* Performance Logs and Alerts:
Consists of Counter Logs, Trace Logs and Alerts: we can collect information automatically from the local computer or from a remotely managed computer.
We can collect the information in binary form or into an SQL database (text file).
- Counter logs:
This tool lets the administrator keep an activity log of one or more objects of interest.
- Trace logs:
Record events that occur while the system runs applications, for example when the hard disk is read or written or when a page fault occurs. When an event occurs, the Performance Logs and Alerts service writes it to a log file.
- Alerts:
A tool that lets us receive notifications when some threshold (set by us) is exceeded.
1. System Monitor:
At the NMS we manage some ICMP parameters of the Agent machine.
Here we examine 2 parameters:
Received Echo Reply/sec (icmp.icmpInEchoReps): number of ICMP Echo Reply packets received in 1 s
Received Echo/sec (icmp.icmpInEchos): number of ICMP Echo packets received in 1 s.
In the capture file we obtain the ICMP Request and ICMP Reply packets.
2. Counter Logs:
Polling (using counter logs) is a mechanism for collecting information actively, driven by the administrator. When the administrator is interested in some parameter value, they send a request to fetch that information from the client machine.
The network model is as follows:
The collection is done with the Windows Performance management tool, followed by packet capture and analysis.
Steps: Control Panel -> Administrative Tools -> Performance.
For polling we choose Counter Logs to collect information about the Interface.
Right-click Counter Logs -> choose New Log Settings
Collect information about the Network Interface on the Agent machine (192.168.188.4); the parameters of interest are: Bytes Received/sec, Bytes Sent/sec, Bytes Total/sec, Current Bandwidth, Packets Outbound Discarded, Packets Received Errors.
After adding the objects we set the polling interval to 10 s, so information is sent once every 10 s:
The log file format is Text File (Tab delimited):
Set the time at which collection starts:
After adding the counters, run it to start collecting. Every 10 seconds the agent sends data to the manager.
In addition, on the agent machine we can also use System Monitor to see how the values of those counters change.
Remarks:
The parameters Bytes Received/sec, Bytes Sent/sec and Bytes Total/sec allow us to evaluate how efficiently the interface is operating. The data sent periodically by the Agent lets the administrator examine and evaluate activity at each point in time.
If during some period the collected values exceed the allowed values (for example, the total number of bytes received rises suddenly compared with normal), a fault or an attack may be occurring.
Traffic growth may also simply reflect increased usage demand; collecting this information helps the administrator plan for the growth of the network.
The parameters Packets Outbound Discarded and Packets Received Errors allow us to evaluate reliability.
Using Wireshark to capture and analyze the packets, we see:
To perform polling, the NMS sends DCERPC packets (Remote Procedure Call, a remote call mechanism consisting of libraries and services that let distributed applications operate in a Windows environment) to the Agent. The NMS opens port 1041 to send the request to the Agent, which listens on port 445.
The structure of the DCERPC Request packet is as follows:
After receiving the request from the NMS, the Agent sends a Response back to the NMS with source port 445 and destination port 1041:
The structure of the DCERPC Response packet:
When the NMS receives the Agent's Response, it sends an ACK back to the Agent confirming that it received the reply.
Remarks:
So the data-collection process using the polling mechanism in Windows can be described as follows: the NMS sends a DCERPC packet to the Agent; the Agent receives it and replies with a DCERPC packet.
3. Forms of presenting monitoring results: graph, histogram, report
To choose the output type, go to System Monitor -> Properties -> General
Graph form:
Histogram form:
Report form:
Meaning of each output type:
Report form: shows the parameters of interest as concrete numbers, helping the administrator determine precisely the difference between the value obtained at the current time and the corresponding baseline value, and from that decide what change suits the system in operation.
Graph form: shown as a graph. The purpose of this display is to give the administrator an overview of a group of objects of interest, to see whether the system is running well and whether any value is spiking, so that timely preventive measures can be taken.
Histogram form: shown as a histogram. Representing values this way helps the administrator clearly see the difference between a few objects of interest, and from there consider whether some value should be adjusted.
4. Alerts:
Use the Alerts function in the Win2k3 Performance tool. This tool lets us receive notifications when some threshold (the baseline parameters we set) is exceeded.
For example, show a notification when the number of processes exceeds 36.
Create a new Alert as follows:
Choose the object and counter of interest:
When the number of processes exceeds 36, we configure the system so that the notification is sent to the NMS (192.168.188.3):
And when the Agent's process count exceeds 36, a notification is sent to the NMS in the form:
The event is stored in Event Viewer:
5. Trace Logs:
How to create a trace log:
In the Performance Logs and Alerts window, right-click Trace Logs and choose New Log Settings:
On the General tab we choose the path where the file is saved, the provider status, and the events that will be recorded by the system provider.
On the Log Files tab we choose the file type to save:
We can choose the monitoring period.
On the Advanced tab choose the buffer size for the log file data, the number of buffers and the interval for periodically transferring data from the buffer to the file on disk; if this interval is not chosen, the data is transferred to disk when the buffer is full.
III. Case Study:
Vinagame is a company doing online game business in the Vietnamese market. Recently the company has also developed a web-game service for the virtual entertainment community (the Zing Me product). In the initial trial period the system ran very well, ensuring fast access for players. Recently, however, the company has frequently received complaints from gamers about difficulty accessing the game and slow processing when buying and selling in-game items. The company's network administrator therefore investigates the cause of this situation.
The parameters of interest are: the number of simultaneous connections to the game server, CPU status (CPU load) and the remaining free memory (Available Memory).
After examining the above, the results are as follows:
Number of connections to the game server:
CPU load & Available Memory chart:
From the figure above we see that the CPU is constantly overloaded and the memory available to serve the system's operation is always at a very low level.
From the analysis above, we find that the cause of the problem is that too many players access the server; the server runs out of memory to serve them, causing congestion. To solve this, the company's administrators decided to upgrade the game server's hardware and add a new server to share the load with the existing one. After monitoring the system for some further time we see that its operation has become stable.
Although the server congestion has been fixed, it is predicted that the number of gamers accessing the game will keep growing, so the company's network team must regularly monitor the system's status in order to take timely measures.
IV. Conclusion:
The Performance tool on Windows is used to manage information on the local machine and on remote machines. Management is fairly simple through the built-in user-friendly interface. Through the program's interface a user can easily collect the needed information and create alerts without the in-depth knowledge of a network administrator.
In Windows, SNMP is not used to collect the information. Information collection uses the RPC protocol with the support of TCP: DCERPC packets are used to collect information remotely. Therefore, in the capture we see TCP packets.
To run this tool, the following services must be enabled: Remote Registry, Remote Procedure Call (RPC), Remote Procedure Call (RPC) Locator. In addition, the Messenger service must be started for the Alert function to work. However, RPC is no longer safe; hackers attack networks through the RPC service. Windows is currently releasing updates to fix this.
PERFORMANCE MANAGEMENT IN SOLARWINDS
I. MIB parameters related to performance management:
a) Interfaces (1.3.6.1.2.1.2)
ifInOctets: number of octets received on an interface.
ifInUcastPkts: number of unicast packets received on an interface.
ifInNUcastPkts: number of non-unicast packets received on an interface.
ifOutOctets: number of octets sent from an interface.
ifOutUcastPkts: number of unicast packets sent from an interface.
ifOutNUcastPkts: number of non-unicast packets sent from an interface.
ifSpeed: current bandwidth of the interface in bit/s.
ifInErrors: number of received packets with errors on an interface.
ifInDiscards: number of received packets without errors that were discarded.
ifOutDiscards: number of packets discarded on the way out of the interface.
b) IP (1.3.6.1.2.1.4)
ipInReceives: total number of datagrams received, including erroneous ones.
ipReasmReqds: number of IP fragments received that are awaiting reassembly.
ipReasmOKs: number of IP packets successfully reassembled.
ipReasmFails: number of failures detected by the IP reassembly algorithm.
ipReasmTimeout: maximum time (in seconds) to wait for fragments awaiting reassembly.
ipForwDatagrams: number of datagrams forwarded.
ipInDiscards: number of received IP packets discarded (buffer overflow).
ipInDelivers: number of received IP packets delivered to the upper layers.
ipOutRequests: number of IP packets sent out on request.
ipOutDiscards: number of outgoing IP packets discarded.
ipFragOKs: number of IP packets successfully fragmented.
ipFragFails: number of IP packets discarded because they could not be fragmented.
ipAdEntReasmMaxSize: the largest IP packet that can be reassembled from fragments received at this interface.
c) TCP (1.3.6.1.2.1.6)
tcpMaxConn: maximum number of TCP connections.
tcpActiveOpens: number of times TCP connections made a direct transition to SYN-SENT from CLOSED.
tcpPassiveOpens: number of passive opens of TCP connections (direct transition from LISTEN).
tcpAttemptFails: number of failed connection attempts.
tcpEstabResets: number of resets that occurred.
tcpCurrEstab: number of connections currently in the ESTABLISHED or CLOSE-WAIT state.
tcpInSegs: total number of segments received.
tcpOutSegs: total number of segments sent.
tcpRetransSegs: total number of segments retransmitted.
tcpOutRsts: total number of reset (RST) segments sent.
d) ICMP (1.3.6.1.2.1.5): contains input and output statistics for ICMP (Internet Control Message Protocol) packets. ICMP provides internetwork control messages and performs many ICMP operations in the managed entity. The group consists of 26 scalar objects that maintain statistics for many message types, which serve performance management, for example:
icmpInMsgs: total number of ICMP messages received
icmpInErrors: number of received ICMP messages containing errors
icmpInDestUnreachs: number of ICMP Destination Unreachable messages received
icmpInTimeExcds: number of ICMP Time Exceeded messages received
icmpInParmProbs: number of ICMP Parameter Problem messages received
icmpInSrcQuenchs: number of ICMP Source Quench messages received
icmpInRedirects: number of ICMP Redirect messages received
icmpOutMsgs: total number of ICMP messages the entity attempted to send
icmpOutErrors: number of times an attempt to send an ICMP message failed
icmpOutDestUnreachs: number of ICMP Destination Unreachable messages sent
icmpOutTimeExcds: number of ICMP Time Exceeded messages sent
icmpOutParmProbs: number of ICMP Parameter Problem messages sent
icmpOutSrcQuenchs: number of ICMP Source Quench messages sent
e) UDP (1.3.6.1.2.1.7): provides information related to the operation of UDP; since UDP is connectionless, this group is much smaller than the TCP group. It does not have to compile information about connection attempts, establishments, resets, etc. The parameters of interest for management are:
udpInDatagrams: total number of UDP datagrams delivered to UDP users
udpNoPorts: total number of received UDP datagrams for which there was no application at the destination port
udpInErrors: total number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port
udpOutDatagrams: total number of UDP datagrams sent from this entity.
II. The MIB management groups and related objects:
Examining MIB parameters: SNMP Tools provides utilities for managing the system's MIB database. The basic components of SNMP Tools are:
a. MIB Viewer: supports searching the MIB database. It can display any OID or table in the MIB database. MIB Viewer downloads, formats and displays any SNMP MIB variable; you simply enter the MIB variable name, the MIB name or an OID.
Example: look up a parameter of the system MIB with the following OID:
Result:
The result shows some parameters of the managed system, such as the system name: web, location: tp hcm, management start time: 1 hour 45 minutes 16 seconds, etc.
b. MIB-walk: generates a table containing all the OIDs of a given device.
c. Update System MIB: allows updating the system information of an SNMP device, including the system name, location and contact. This tool is used to update the information on devices such as hubs and printers.
d. SNMP MIB Browser: provides access to the MIB database supplied by SolarWinds; you can browse the MIB tree, view MIB tables, search for parameters in the MIB, or change SNMP values remotely.
SolarWinds MIB Browser lets you view the configuration and operational details of network devices by querying MIB parameters.
SolarWinds MIB Browser automatically parses the results of each SNMP query and displays the information in a form. The query results can be customized.
Basic functions of SNMP MIB Browser:
1. GET function:
SNMP MIB Browser has strong support for GET on both local and remote interfaces. To be able to GET, the interface must have SNMP enabled. MIB Browser manages objects through the MIB tree. There are 2 main functions: Get Tree and Get Table.
Get Tree: lists the OIDs in the OID Name column, together with the corresponding attributes of those OIDs.
We collect information on the tcpOutSegs parameter: the result is that the total number of segments sent out is 2395.
We capture packets while getting this MIB parameter:
Remarks:
When getting a MIB parameter, the manager sends an SNMP get_request packet to the web machine; the SNMP packet is carried over UDP with source port 1059 and destination port 161. The web machine, acting as agent, replies to the manager with an SNMP get_response packet.
After receiving the response, the manager continues by sending a get_BulkRequest asking for the tcpOutSegs parameter; on receiving this request, the agent returns the requested MIB parameter.
SNMPv2 transmits the community string in plaintext, so confidentiality is low.
GET Table: similar to GET Tree, but it only works on objects that have a table. It lists the OID attributes in rows.
Result: the MIB parameters of the tcpConnTable table are displayed on the right, including parameters such as tcpConnLocalPort, tcpConnLocalAddress and tcpConnState (the connection state; here the TCP connection is established).
2. SET function: set the value of a MIB parameter
To be able to set parameter values, the community string must first allow changing parameter values.
Choose the parameter to set; we can only set the values of parameters whose Access attribute is read-write (their values are shown in blue).
Here we set the ipDefaultTTL parameter as follows:
Initial value: 128
After changing the value:
Capture:
Remarks:
When setting a MIB parameter, the manager sends an SNMP set_request packet to the web machine; the SNMP packet is carried over UDP. The web machine, acting as agent, replies to the manager with an SNMP get_response packet.
After receiving the response, the manager continues by sending a get_Request to read back the ipDefaultTTL value that was set; once the set is done, the agent returns a get_response reply to the manager.
III. System monitoring (polling & trapping) to oversee the system's performance:
Polling: we use the Network Performance Monitor tool to monitor the system. It is a real-time network monitoring tool for tracking processes, CPU activity, memory status, network latency, packet loss, network traffic, bandwidth, etc. It can monitor every node and interface via SNMP and report when a node reboots or an interface goes down.
1. Perform polling to monitor our network:
Enter the name or IP address of the agent machine to be monitored
Continue as in the following figure:
The resources and network characteristics that are monitored:
Physical and logical disks, CPU, memory.
Communication traffic flows on the network.
Monitoring CPU load and memory usage: lets us monitor parameters such as the average CPU load, the maximum and minimum average load, and memory usage.
Monitoring result for our network: for example, the average CPU load is 3% -> the agent's CPU is running at a low, light load.
Percentage of memory used:
The web server currently has a relatively large amount of memory left.
Physical disk monitoring: lets us monitor disk capacity, used capacity or percentage used, etc. For example: the agent's C: drive is about 40% used.
Network communication:
a. Monitoring inbound and outbound traffic on the interfaces, including information such as the maximum, minimum and average inbound and outbound rates on the interfaces (in bps), multicast traffic, transmit and receive rates, total packets and total bytes transmitted and received on the interface, etc.
Example: transmit rate on the interface:
Receive rate on the interface:
Total packets Tx/Rx:
b. Monitoring erroneous inbound and outbound traffic on the system's interfaces: information on the rate of packets with errors and discarded packets on the interfaces; collecting this information lets the administrator know how the network is operating.
Example: rate of inbound and outbound packets with errors and discarded:
Remark: the rate of erroneous packets transmitted and received is 0% -> the network is currently running very well.
c. Monitoring network performance information such as latency and waiting time, including the average, maximum and minimum response time, packet loss rate, system availability, etc. These parameters tell us how well the network is performing.
Example: average system response time
System availability:
-> near 100% -> our system is running very well.
2. Polling mechanism: examine the packets captured while collecting the traffic parameters:
The Manager uses SNMP to get information from the Agent. The Manager sends a request to the Agent with source port 1066 and destination port 161.
On receiving the Manager's request, the Agent sends a response to the Manager providing information about the agent's MIB parameters.
Remarks:
All agents in the managed system respond to polling requests from the Manager.
The manager uses messages to collect management information and the agent uses them to reply to the manager.
The SNMP messages used to collect information are:
Get_request and get_BulkRequest, which collects information in bulk (increasing system performance; SNMPv2, v3).
Get_response is the Agent's acknowledgement.
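To make the get_request/get_response exchange and the plaintext community string discussed above concrete, here is an added example that is not part of the report: a minimal SNMPv1/v2c BER encoder and decoder in plain Python (not SolarWinds or pysnmp code). It builds the manager's poll for tcpOutSegs.0 and the agent's answer (the 2395 value from the MIB Browser result above; request id, community and bytes are constructed), decodes them back, and reports what anyone sniffing UDP/161 would learn. Only INTEGER and NULL values are handled; other value types are returned as None.

```python
# Added example (not from the report): a minimal SNMPv1/v2c message encoder and
# decoder, used to look at what actually crosses UDP/161 when a manager polls an
# agent. Sample bytes are constructed here; OIDs follow RFC 1213.

PDU_TYPES = {0xA0: "get_request", 0xA1: "get_next_request", 0xA2: "get_response",
             0xA3: "set_request", 0xA5: "get_bulk_request"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
DEFAULT_COMMUNITIES = {"public", "private"}
TCP_OUT_SEGS = "1.3.6.1.2.1.6.11.0"   # tcpOutSegs.0 (tcp group, object 11)


def _len(n: int) -> bytes:
    """BER length: short form below 128, two-byte long form above (enough here)."""
    return bytes([n]) if n < 128 else bytes([0x82, n >> 8, n & 0xFF])


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _len(len(body)) + body


def enc_int(v: int) -> bytes:
    """ASN.1 INTEGER in minimal two's-complement form."""
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def enc_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:                 # base-128, high bit set on all but the last byte
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_message(version: int, community: str, pdu_tag: int, request_id: int, varbinds) -> bytes:
    """Message ::= SEQUENCE { version, community, PDU }; a None value encodes as NULL."""
    vb = b"".join(_tlv(0x30, enc_oid(o) + (b"\x05\x00" if v is None else enc_int(v)))
                  for o, v in varbinds)
    pdu = _tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + _tlv(0x30, vb))
    return _tlv(0x30, enc_int(version) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position just after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def dec_oid(body: bytes) -> str:
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def decode_message(buf: bytes) -> dict:
    _, msg, _ = _read_tlv(buf, 0)
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, err, pos = _read_tlv(pdu, pos)
    _, _, pos = _read_tlv(pdu, pos)            # error-index, not needed here
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, q = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, q)
        varbinds.append((dec_oid(oid), int.from_bytes(val, "big", signed=True) if vtag == 0x02 else None))
    return {"version": VERSIONS.get(int.from_bytes(ver, "big", signed=True)),
            "community": community.decode(errors="replace"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(err, "big", signed=True),
            "varbinds": varbinds}


def audit(buf: bytes) -> list:
    """Defender's view of one datagram: what would a sniffer on the path learn?"""
    m = decode_message(buf)
    findings = []
    if m["version"] in ("v1", "v2c"):
        findings.append(f"SNMP{m['version']}: community {m['community']!r} readable in cleartext")
    if m["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    if m["pdu"] == "set_request":
        findings.append("write access exercised without authentication")
    return findings


# Constructed exchange: the manager polls tcpOutSegs.0 and the agent answers 2395.
REQUEST = encode_message(1, "public", 0xA0, 1059, [(TCP_OUT_SEGS, None)])
RESPONSE = encode_message(1, "public", 0xA2, 1059, [(TCP_OUT_SEGS, 2395)])

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("response", RESPONSE)):
        print(name, pkt.hex(), decode_message(pkt), audit(pkt))
```

The two message types differ only in the PDU tag (0xA0 versus 0xA2) and in the value slot of the variable binding; everything else, including the community string, sits in the clear, which is exactly what the capture above shows for SNMPv2c and why the report recommends SNMPv3 later on.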
3. Trapping: automatic collection of information; we define the parameters of interest and set a threshold for each of them. The manager receives a notification if a network parameter exceeds the allowed threshold.
Example: set a usage threshold for system memory
Steps
Create an Alert named canhbao:
Choose the property to monitor: here we check %Used of Total System Memory
Choose the machine to monitor: web server
Set the threshold parameters: we set the trap threshold to 20%; if system memory usage exceeds this 20% threshold, an alert is raised
Set the trapping schedule:
Alert action when the threshold is exceeded:
The result above shows that the total system memory currently in use is 41%, so an alert is shown to the admin.
How it works:
In essence, trapping here is a series of the polling operations examined above: the Manager sends requests and the agent continually responds with the MIB parameters; the Manager checks the returned values and, when a threshold is exceeded, notifies the administrator:
When the system exceeds the given threshold, a notification packet is sent to the Management station
4. Forms of presenting monitoring results:
Graph presentation: gives the administrator a more visual view of the collected information, comparing it across the system's polling periods:
Table presentation: provides the information as numbers.
Combined presentation of both forms above:
Remark: SolarWinds supports presenting the monitoring information in different clear forms; the friendly interface helps the administrator easily observe and evaluate the collected parameters.
IV. Conclusion:
Besides the functions listed above, SolarWinds provides some other performance management tools, such as:
Advanced CPU Load: monitors and graphs the load on Cisco routers and servers
Bandwidth Gauges: counts the amount of data received from and transmitted to any remote network device
Bandwidth Monitor: monitors bandwidth
CPU Gauge: monitors CPU load
Real-Time Interface Monitor: describes many routers and switches simultaneously
Router CPU Load: monitors the load on Cisco routers
This is an effective support tool for the admin's management work, with a friendly, easy-to-use interface. Its many advanced features increase management efficiency; the program runs lightly and uses little memory.
The SolarWinds tool operates on SNMP, transported in UDP packets. It is therefore independent of the RPC remote-call mechanism and operates more securely than the Windows tool, especially:
SNMPv1 and v2: information is transmitted in plain text, including the community string -> data confidentiality is low.
SNMPv3: transmitted encrypted -> high confidentiality.
V. Case Study:
The system administrator must ensure that the system is always operating well, and one important factor in performance management is the traffic on the interfaces. In this scenario we go deeper into managing the traffic on an interface. The issues of interest are: the type of traffic, inbound and outbound traffic statistics, error statistics, broadcast and unicast counts, and computing the system's operating efficiency.
Utilization is computed by the following formula:
However, utilization may not fully reflect the network's operating state.
Reliability is computed by the following formula:
Now we poll to probe the activity on the interfaces; here we pay attention to unicast, multicast and broadcast packets.
Focusing on the NonUnicast packets:
1st poll:
InNonUnicast: 558
OutNonUnicast: 218
2nd poll:
InNonUnicast: 885
OutNonUnicast: 832
Continuing to poll, we notice that the broadcast and multicast packets keep increasing and sometimes spike. If these broadcast and multicast packets become too numerous (exceeding the acceptable threshold, the baseline), a broadcast storm can occur, in which the network's bandwidth is taken over by these packets, affecting network operation; the network may loop.
Solution: we examine their baseline value so as to set up a trap alert that is sent to the administrator when the number of broadcast packets exceeds the allowed threshold.
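The counter-log section, the Alert and trap sections and this case study all rest on the same mechanism: poll cumulative counters, turn them into rates, compare against a baseline, and notify when a threshold is crossed. The following added example (not code from the report or from SolarWinds) does that in Python over constructed interface samples. The utilization and error-ratio formulas are the standard textbook definitions and are assumed here because the report's own formulas did not survive; the interface speed, poll interval, counter values and thresholds are all constructed, and the third sample deliberately wraps ifInOctets past 2^32 to show why a Counter32 delta must handle wrap-around.

```python
# Added example (not from the report): turning polled interface counters into rates,
# utilization and an error ratio, and raising alerts against a threshold the way the
# report's Alert (Windows) and trap (SolarWinds) features do. Formulas are standard
# definitions assumed here; every sample value is constructed.
from dataclasses import dataclass

COUNTER32_MAX = 2 ** 32          # ifInOctets/ifOutOctets are Counter32 and wrap here
POLL_INTERVAL = 10               # seconds, as in the report's counter-log setup


@dataclass
class Sample:
    t: int             # poll time (s)
    in_octets: int     # ifInOctets, cumulative
    out_octets: int    # ifOutOctets, cumulative
    in_pkts: int       # ifInUcastPkts + ifInNUcastPkts, cumulative
    in_errors: int     # ifInErrors, cumulative
    in_discards: int   # ifInDiscards, cumulative


def delta(new: int, old: int) -> int:
    """Difference of two Counter32 readings, correct across one wrap-around."""
    return new - old if new >= old else new + COUNTER32_MAX - old


def utilization_pct(prev: Sample, cur: Sample, if_speed_bps: int) -> float:
    """(in + out bits in the interval) / (interval * ifSpeed), half-duplex style."""
    bits = (delta(cur.in_octets, prev.in_octets) + delta(cur.out_octets, prev.out_octets)) * 8
    return 100.0 * bits / ((cur.t - prev.t) * if_speed_bps)


def error_ratio_pct(prev: Sample, cur: Sample) -> float:
    """Share of received packets that were errored or discarded (a reliability proxy)."""
    pkts = delta(cur.in_pkts, prev.in_pkts)
    bad = delta(cur.in_errors, prev.in_errors) + delta(cur.in_discards, prev.in_discards)
    return 0.0 if pkts == 0 else 100.0 * bad / pkts


def evaluate(samples, if_speed_bps, util_threshold=70.0, err_threshold=1.0):
    """Walk consecutive polls; return (t, metric, value) for every threshold crossing.
    This is the report's trapping mechanism: poll, compare with the baseline, notify."""
    alerts = []
    for prev, cur in zip(samples, samples[1:]):
        u, e = utilization_pct(prev, cur, if_speed_bps), error_ratio_pct(prev, cur)
        if u > util_threshold:
            alerts.append((cur.t, "utilization_pct", round(u, 1)))
        if e > err_threshold:
            alerts.append((cur.t, "error_ratio_pct", round(e, 2)))
    return alerts


# Constructed 10 Mbit/s interface polled every POLL_INTERVAL seconds. The third
# ifInOctets reading has wrapped past 2^32; a naive "new - old" would go negative.
IF_SPEED = 10_000_000
SAMPLES = [
    Sample(0,  4_290_000_000,       500,    100,   0,  0),
    Sample(10, 4_292_000_000, 1_000_500,  3_100,   0,  0),   # 24 % busy, clean
    Sample(20,     4_032_704, 4_000_500, 13_100, 150, 50),   # wrapped; 80 % busy, 2 % bad
    Sample(30,     5_032_704, 4_500_500, 14_100, 150, 50),   # back to 12 %, clean
]

if __name__ == "__main__":
    for prev, cur in zip(SAMPLES, SAMPLES[1:]):
        print(cur.t, round(utilization_pct(prev, cur, IF_SPEED), 1),
              round(error_ratio_pct(prev, cur), 2))
    print(evaluate(SAMPLES, IF_SPEED))
```

Only the poll at t=20 crosses both thresholds; the earlier and later intervals stay quiet, which is the behaviour the broadcast-storm scenario above wants: a baseline-derived threshold that stays silent during normal growth and fires on the spike.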
FAULT MANAGEMENT
I. Objectives:
Study the fault-management functions available in Windows, specifically the Performance tool.
Study the fault-management functions of the SolarWinds tool, specifically Network Performance Monitor.
Compare the 2 tools.
II. Introduction:
Fault management is the process of preventing, detecting, locating, isolating and fixing faults in the network.
It is carried out through 2 mechanisms:
Reactive: when a fault occurs, the administrator finds a way to resolve it.
Proactive: the administrator must actively predict faults by setting thresholds and monitoring.
Fault management steps:
Identify the objects to manage.
Detect problems based on the information collected through:
Polling: the manager receives parameters sent periodically by the managed machine.
Trapping: the manager sets a threshold value; if the managed machine violates the threshold, it sends a notification to the manager.
Locate and isolate the problem.
Find a way to resolve the problem.
Network model:
III. Fault management in Windows with the Performance tool:
Go to Start -> Run -> type perfmon -> OK.
1. Polling: by creating a Counter Log
Overview of creating a Counter Log:
Choose Add Counters
Choose the object to manage by entering its IP or name.
We can see the meaning of each counter parameter by clicking the counter -> Explain.
Choose the parameter -> Add -> Close -> OK.
Some Counter Logs created for fault management on the WEB machine (192.168.188.4):
1) web-service: monitors the web service
2) web-server: monitors activity on the WEB server itself
3) web-processor: monitors the WEB server's processor
4) web-phydisk: monitors the WEB server's physical disk
5) web-page: monitors the WEB server's memory
6) web-icmp: monitors the ICMP packets to the WEB server (in case WEB opens port 23)
7) web-tcp: monitors the TCP packets to the WEB server
=> With the counter logs above we collect fairly complete information for fault management on the WEB machine.
An example of analyzing the file web-tcp_000001.bgl:
Remark: the number of active connections (the number of TCP connections that went directly from SYN_SENT to CLOSED) is fairly high.
Capture: couter.pcap
The protocol used to exchange information between the manager and WEB is DCERPC.
The port on WEB (the managed machine) is: Microsoft-ds (445).
Mechanism:
Manager (192.168.188.3)
WEB (192.168.188.4)
2. Trapping: by creating an Alert.
Overview of creating an Alert:
Choose Add
Choose the object to manage by entering its IP or name.
We can see the meaning of each counter parameter by clicking the counter -> Explain.
Choose the parameter -> Add -> Close.
Here we choose Alert when the value is higher than 10 (this defines the threshold value and how it is violated).
Choose the Action tab -> enter the action to take when the threshold is violated.
Here we choose: log the event in the application event log and send a message to the manager at 192.168.188.3.
Choose OK.
Some Alerts created for fault management on the WEB server (192.168.188.4):
1) trap-service: alert when the number of current connections on WEB is greater than 10.
2) trap-processor: alert when the processor is more than 85% busy.
3) trap-icmp: alert when the number of Echo packets received per second is greater than 20.
Consider an example of a threshold violation from the Alert trap-service:
When the number of connections to WEB is 11, violating the threshold of 10.
The manager 192.168.188.3 receives a message sent by itself:
And an event is logged in the manager's Application event log (Start -> Programs -> Administrative Tools -> Event Viewer -> Application):
Capture: file trap.pcap.
Again the DCERPC protocol is used to carry the information back and forth between the manager and WEB.
Here WEB (the managed machine) uses port: netbios-ssn (139).
=> One of the 2 ports, either 445 or 139.
IV. Fault management with Network Performance Monitor in SolarWinds:
1. Parameters of interest for fault management:
System (1): sysDescr (1), sysObjectID (2), sysContact (4), sysName (5), sysServices (7) -> needed for warranty claims and device repair.
Interfaces (2): ifSpeed (5), ifOperStatus (8), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifInUnknownProtos (15), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20).
IP (4): ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipInUnknownProtos (7), ipInDiscards (8), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragCreates (19).
TCP (6): tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpCurrEstab (9), tcpRetransSegs (12), tcpInErrs (14), tcpOutRsts (15).
UDP (7): udpInDatagrams (1), udpNoPorts (2), udpInErrors (3)
ICMP (5): icmpInMsgs (1), icmpInErrors (2), icmpInDestUnreachs (3), icmpInEchos (8).
2. Polling:
Go to SolarWinds Engineer's Toolset -> Network Monitoring -> Network Performance Monitor.
Overview:
Choose New -> enter the IP of the managed object -> Next
Enter the community string corresponding to the one set on the managed machine:
Choose Finish.
Beforehand, on the WEB machine (the managed machine), we configure the SNMP Service: go to the Traps and Security tabs and edit them:
Polling example:
3. Trapping:
Overview:
We create an Alert that warns when WEB's memory usage exceeds 3000 bytes.
Choose Alert..
Choose OK.
Trapping example:
Capture:
The protocol used to exchange information between the manager and WEB is SNMP.
The port on WEB (the managed machine) is: snmp (161).
Mechanism:
Manager (192.168.188.3)
WEB (192.168.188.4)
The corresponding MIB parameters in the captured packets can be understood better through MIB Browser:
V. Remarks:
Performance tool: simple, easy to operate. Management relies on the DCERPC protocol over port 139 or 445, which is currently a vulnerability that hackers readily exploit.
SolarWinds tool: more management functions, more professional, user-friendly. Management relies on SNMP; with version 1 and version 2 it is insecure because the community string is transmitted in cleartext and is easily exploited. SNMPv3 is more secure, with authentication (MD5, SHA1) and encryption (DES 56-bit, AES 128-bit).
VI. Case study:
Staff in one department can no longer access the WEB server.
We need to check:
- Check some typical local devices in the department, such as PCs and switches, for any local problem -> fix it immediately if possible.
- Policy? -> the user may be denied access by the security policy.
- The interface on WEB: is it still up? -> check the interface MIB parameters listed above -> bring the interface back up.
- WEB's current connections + are the system resources sufficient? -> check the tcp MIB parameters listed above + compare the system resource parameters through the management tool -> upgrade WEB's system resources or add a load-balancing server.
- DoS/DDoS attack? -> check the interface, tcp, icmp and ip MIB parameters listed above -> identify the attacking IP and block it.
LIST OF FIGURES USED IN FAULT MANAGEMENT
Figure 1: Overview of creating a counter log in Windows
Figure 2: Some Counter Logs created for fault management on the WEB machine
Figure 3: An example of analyzing the file web-tcp_000001.bgl
Figure 4: Capture: couter.pcap
Figure 5: Overview of creating an Alert in Windows
Figure 6: Some Alerts created for fault management on the WEB server (192.168.188.4)
Figure 7: An example of a threshold violation from the Alert trap-service
Figure 8: Capture: file trap.pcap
Figure 9: Overview of setting up polling in SolarWinds
Figure 10: Polling example
Figure 11: Overview of setting up trapping in SolarWinds
Figure 12: Trapping example
Figure 13: Capture alert-snmp.pcap
SECURITY MANAGEMENT
I. Introduction to Security Management:
Security management is a very important management function in our network. A system that runs stably, with high performance and guaranteed security, is what everyone wants. Once a network has been configured, alongside Performance, Fault and Accounting management, the Security management function is also a top concern.
It detects unauthorized intrusions into the system, implements anti-intrusion measures, and patches any vulnerability that is discovered. Security measures are implemented by issuing specific policies, in order to secure user accounts (Users) as well as the network's resources (Resources).
II. Security Management:
1. Security on Windows Server 2003
Here we have 2 computers configured as follows
Agent machine WEB configured as the Domain Controller for abc.com: IP 192.168.188.4
NMS (Network Management System) machine running SolarWinds: IP 192.168.188.3
Configure the logon password policy (Password Policy)
Go to Administrative Tools \ Domain Security Policy -> Account Policies -> Password Policy
To keep our accounts safe, it is recommended to set passwords according to the following policies:
Enforce password history: 24 passwords
Maximum password age (maximum lifetime of a password): 42 days
Minimum password age: 1 day
Minimum password length: 7 characters
Password must meet complexity requirements: enabled. The minimum complexity is 7 characters including digits, lowercase letters, uppercase letters and symbol characters (@, #, ...)
Enforce user authentication (Authentication)
Windows Server supports a fairly strong and strict authentication protocol, Kerberos. In the domain abc.com, create a user with username: cuong
With options for the user such as:
Use DES encryption types for this account
Do not require Kerberos
Account is disabled
Account is trusted for delegation
..
Now we have user cuong log on to the domain abc.com. Capturing the traffic, we obtain the following packets using the Kerberos authentication protocol:
The computer where user cuong logs in has IP 192.168.188.3
The server for the domain abc.com has IP 192.168.188.4
Here we focus on the packets using the KRB5 protocol, i.e. the Kerberos v5 authentication protocol (packets 3, 4, 5, 6)
AS: Authentication Server
TGS: Ticket Granting Server
AS REQ: user1 asks the authentication server to authenticate it
AS REP: the authentication server authenticates user1 and issues it an ID with which to request a ticket from the TGS
TGS REQ: user1 asks the TGS to issue a ticket so that it can log in to the system
TGS REP: the TGS issues the ticket to user1
Once it has been issued a ticket, user1 can access the desired services
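The four messages listed above (AS_REQ, AS_REP, TGS_REQ, TGS_REP) are easier to follow when both sides are written out. The following is an added example, not code from the report or from Windows: a simplified model of the Kerberos v5 flow, finishing with the AP_REQ the client presents to a service. Real Kerberos uses ASN.1 messages and the DES/RC4/AES encryption types mentioned in the account options; here a toy encrypt-then-MAC built from SHA-256 and HMAC stands in so the exchange runs offline. The realm, user password, krbtgt key and the service name HTTP/web.abc.com are constructed; only the user name cuong and the domain come from the report.

```python
# Added example (not from the report): a simplified model of the Kerberos v5 exchange
# AS_REQ -> AS_REP -> TGS_REQ -> TGS_REP -> AP_REQ. A toy authenticated cipher
# (SHA-256 keystream + HMAC) stands in for the real encryption types so the flow can
# be run offline. Principals, passwords and the service name are constructed.
import hashlib
import hmac
import json
import os
import time

REALM = "ABC.COM"
TICKET_LIFETIME = 600      # seconds; constructed value
CLOCK_SKEW = 300           # Kerberos rejects authenticators older than about 5 minutes


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range(n // 32 + 1):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def seal(key: bytes, obj: dict) -> dict:
    """Toy encrypt-then-MAC; stands in for a Kerberos EncryptedData part."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": hmac.new(key, nonce + ct, "sha256").hexdigest()}


def unseal(key: bytes, box: dict) -> dict:
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    if not hmac.compare_digest(box["tag"], hmac.new(key, nonce + ct, "sha256").hexdigest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def derive_key(password: str, salt: str) -> bytes:
    """Stand-in for the Kerberos string-to-key function."""
    return hashlib.sha256((salt + password).encode()).digest()


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) of the domain."""

    def __init__(self, principals: dict):
        self.keys = principals                      # long-term key of every principal

    def as_exchange(self, as_req: dict) -> dict:
        """AS_REQ -> AS_REP: a session key for the user plus a TGT only the KDC can open."""
        sk, exp = os.urandom(32), time.time() + TICKET_LIFETIME
        tgt = seal(self.keys["krbtgt"], {"cname": as_req["cname"], "sk": sk.hex(), "exp": exp})
        return {"enc_part": seal(self.keys[as_req["cname"]], {"sk": sk.hex(), "exp": exp}), "tgt": tgt}

    def tgs_exchange(self, tgs_req: dict) -> dict:
        """TGS_REQ -> TGS_REP: validate the TGT and authenticator, issue a service ticket."""
        tgt = unseal(self.keys["krbtgt"], tgs_req["tgt"])
        auth = unseal(bytes.fromhex(tgt["sk"]), tgs_req["authenticator"])
        now = time.time()
        if auth["cname"] != tgt["cname"] or abs(now - auth["ts"]) > CLOCK_SKEW or now > tgt["exp"]:
            raise ValueError("TGS: authenticator does not match the TGT, or the TGT expired")
        ssk, exp = os.urandom(32), now + TICKET_LIFETIME
        ticket = seal(self.keys[tgs_req["sname"]], {"cname": tgt["cname"], "ssk": ssk.hex(), "exp": exp})
        return {"enc_part": seal(bytes.fromhex(tgt["sk"]), {"ssk": ssk.hex()}), "ticket": ticket}


def service_accept(service_key: bytes, ap_req: dict) -> str:
    """AP_REQ handled by the target service; returns the authenticated client name."""
    ticket = unseal(service_key, ap_req["ticket"])
    auth = unseal(bytes.fromhex(ticket["ssk"]), ap_req["authenticator"])
    if auth["cname"] != ticket["cname"] or time.time() > ticket["exp"]:
        raise ValueError("service: authenticator does not match the ticket, or it expired")
    return ticket["cname"]


def login(kdc: KDC, cname: str, password: str, sname: str) -> dict:
    """Client side of the four captured messages, ending with an AP_REQ for the service."""
    user_key = derive_key(password, REALM + cname)
    as_rep = kdc.as_exchange({"cname": cname, "realm": REALM})
    sk = bytes.fromhex(unseal(user_key, as_rep["enc_part"])["sk"])   # a wrong password fails here
    tgs_rep = kdc.tgs_exchange({"tgt": as_rep["tgt"], "sname": sname,
                                "authenticator": seal(sk, {"cname": cname, "ts": time.time()})})
    ssk = bytes.fromhex(unseal(sk, tgs_rep["enc_part"])["ssk"])
    return {"ticket": tgs_rep["ticket"], "authenticator": seal(ssk, {"cname": cname, "ts": time.time()})}


# Constructed domain: user cuong (as in the report), the krbtgt principal and one web service.
SERVICE = "HTTP/web.abc.com"
SERVICE_KEY = os.urandom(32)
DOMAIN_KDC = KDC({"cuong": derive_key("construct3d-pw", REALM + "cuong"),
                  "krbtgt": os.urandom(32), SERVICE: SERVICE_KEY})


def demo(password: str = "construct3d-pw") -> str:
    """Log cuong in and present the service ticket; raises ValueError on a bad password."""
    return service_accept(SERVICE_KEY, login(DOMAIN_KDC, "cuong", password, SERVICE))


if __name__ == "__main__":
    print("service authenticated:", demo())
```

Two properties of the real protocol survive the simplification: the user's password never leaves the client (only the ability to open AS_REP proves it), and the service never talks to the KDC, because the ticket it receives was sealed under its own long-term key. That is why the capture above shows only the client, the domain controller and four Kerberos packets.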
Audit Policy
Go to Administrative Tools \ Domain Controller Settings -> Local Policies -> Audit Policy
Configure the audit policies:
Audit account logon events: audit account logons
Audit account management: audit account management
Audit directory service access: audit access to directory services
Audit object access: audit access to objects
Audit policy change: audit policy changes
Audit privilege use: audit the use of privileges
Audit process tracking: audit process tracking
Audit system events: audit system events
Rights Management (User Rights Assignment)
Go to Administrative Tools \ Domain Controller Settings -> Local Policies -> User Rights Assignment
Example: we grant user1 the right "Enable computer and user accounts to be trusted for delegation" as follows:
Add the user or group in the Add User and Group form to grant trusted delegation to the object that needs this right.
Or deny user1 access through "Deny log on as a service"
And many security policies can be configured, as follows:
Depending on the operation and requirements of each network, the administrator can configure the appropriate policies
2. Security management with the Solarwinds v9.2 tool
Solarwinds provides quite a few tools that help with network security management, such as:
SNMP Brute Force Attack
SNMP Dictionary Attack
Port Scanner
Remote TCP Session Reset
Edit Dictionaries
Cisco Router Password Decryption
Below we examine some of these tools:
a) SNMP Brute Force Attack
Introduction: SNMP Brute Force Attack is a tool that determines whether an SNMP community string is read-only or read-write by trying every possible character and digit. The tool can be customised to try only certain characters, or community strings of a fixed length. To use it you must accept the agreement and run it only on networks under your own administration. Although it is an attack tool, administrators also use it to search for and recover SNMP community strings.
Demo:
The NMS PC runs a scan to search for and recover the community strings on the Agent PC (IP addresses as in the figure)
Configuration:
On the Agent PC: go to Administrator Tool / Computer Management -> Services -> SNMP Service -> Security tab, and configure two community strings as follows
On the NMS PC: launch the SNMP Brute Force Attack application -> Settings
General tab: choose the length of the community string (here we choose length 5)
Character Set tab: the community string will be searched by trying all lowercase characters
Start the scan and at the same time capture with Wireshark
The result is two community strings: ab and cd
Analysis of how the tool works, based on the captured packets
Principle of operation: the NMS PC continuously sends Get-request packets, each carrying a character string generated from the Custom Character Set we configured. When the string in the get-request matches the community string, the Agent PC sends a Get-Response back to the NMS PC, confirming the community string.
In the following packet, number 133, the NMS PC sends the string ab, which matches the Agent PC's community string
And immediately the Agent PC sends a Response confirming it to the NMS PC, packet 134:
Similarly, for the community string cd, packets 449 and 450
After finding the community string, the tool checks whether it is Read-Only or Read-Write: the NMS PC sends a Set-Request carrying a value for sysContact. The NMS PC sends the SET to see whether the community string is able to write, then requests sysContact.0 from the Agent PC to see whether the SET succeeded. If the sysContact value cannot be SET, the community string is Read-Only; otherwise, if the sysContact value can be SET, the community string is Read-Write.
For the community string ab, the NMS PC sends the following Set-Request:
And the Agent PC sends the following Response:
The sysContact value cannot be changed, so ab is a Read-Only community string
For the community string cd, proceeding in the same way, we get the following result:
And receive the following Response:
It is easy to see that the Set of sysContact (Test 241246) succeeded, so cd is a Read-Write community string
Remarks:
If the community string is complex, finding it is very difficult and takes a lot of time.
Finding the string by sending Get-requests continuously until the right string is hit may be blocked by a firewall.
This is a tool a hacker could use to attack and obtain the community string, so administrators must be very careful.
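From the defender's side, the packet pattern analysed above (a stream of get-requests from one source with a different community string in each, almost all of them unanswered, followed by a set-request on sysContact.0) is also what a monitoring system can look for. The following Python script is an added example, not part of the report or of the Solarwinds tool: it runs over a constructed request/response log that mirrors the demo (manager 192.168.188.3, agent 192.168.188.4, community strings ab and cd), flags the source that is guessing, lists which community strings the agent answered, and records which of them accepted a write. The log layout, the threshold and window values, and the generic "error" label for a refused set are assumptions; the report does not quote the error-status of the refused set.

```python
"""Spot SNMP community-string guessing in a request/response log.

Added example, not part of the original report. The log below is constructed
to mirror the captured behaviour the text describes: the manager at
192.168.188.3 sends get-requests with one candidate community string after
another to the agent at 192.168.188.4; only the real strings (ab, cd) draw a
get-response, and a follow-up set-request on sysContact.0 succeeds only for
the read-write one. Record layout: (time, src, dst, pdu, community, reply),
where reply is None when the agent stayed silent, "noError" when it accepted,
and "error" when it answered with an error-status (value not quoted in the
report, hence the generic label). Threshold and window are assumptions.
"""
from collections import defaultdict

MANAGER = "192.168.188.3"
AGENT = "192.168.188.4"


def build_sample_log():
    """Constructed sample: ten guesses, two hits, then the read-only/read-write probes."""
    log = []
    t = 0.0
    for guess in ["aa", "ab", "ac", "ad", "ba", "bb", "ca", "cb", "cc", "cd"]:
        # An SNMPv1/v2c agent does not answer a request with a wrong community string.
        reply = "noError" if guess in ("ab", "cd") else None
        log.append((t, MANAGER, AGENT, "get-request", guess, reply))
        t += 0.01
    # Write probe on sysContact.0 with each discovered community string.
    log.append((t, MANAGER, AGENT, "set-request", "ab", "error"))          # read-only: set refused
    log.append((t + 0.01, MANAGER, AGENT, "set-request", "cd", "noError"))  # read-write: set accepted
    # A legitimate poller elsewhere: one community string, answered.
    log.append((5.0, "192.168.188.10", AGENT, "get-request", "public", "noError"))
    return log


def guessing_sources(log, threshold=5, window=60.0):
    """Sources that sent at least `threshold` distinct, unanswered community strings within `window` seconds."""
    unanswered = defaultdict(list)
    for t, src, dst, pdu, community, reply in log:
        if pdu == "get-request" and reply is None:
            unanswered[src].append((t, community))
    flagged = set()
    for src, requests in unanswered.items():
        requests.sort()
        for i, (t0, _) in enumerate(requests):
            distinct = {c for t, c in requests[i:] if t - t0 <= window}
            if len(distinct) >= threshold:
                flagged.add(src)
                break
    return flagged


def discovered_communities(log, src):
    """Community strings with which src's get-requests were answered by the agent."""
    return {community for t, s, d, pdu, community, reply in log
            if s == src and pdu == "get-request" and reply is not None}


def classify_access(log, src):
    """Per community string used by src in a set-request: read-write if the set was accepted, else read-only."""
    result = {}
    for t, s, d, pdu, community, reply in log:
        if s == src and pdu == "set-request":
            result[community] = "read-write" if reply == "noError" else "read-only"
    return result


if __name__ == "__main__":
    sample = build_sample_log()
    for src in sorted(guessing_sources(sample)):
        print("community guessing from", src)
        print("  answered strings:", sorted(discovered_communities(sample, src)))
        print("  write probes:", classify_access(sample, src))
```

The same three functions apply to records exported from Wireshark or produced by an IDS, provided they are mapped to the tuple layout above; the silent-agent behaviour is what makes the unanswered-request count a usable signal.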
b) Port Scanner
Introduction: a tool that remotely discovers the state of the ports on one IP address or on a list of IP addresses. The scan process is described simply as follows:
In fact, Port Scanner is a Solarwinds tool that does not use the SNMP protocol.
The captured packets are as follows:
Remarks:
The tool does not use SNMP, but it is very useful for administrators, who can easily see which ports are open in their network, which ports are suspicious and which ports a hacker could exploit to attack, and then take timely countermeasures.
However, the tool only collects information; the administrator cannot disable a port remotely or change the state of a port (from Up to Down or vice versa).
Solarwinds also provides some other Security tools, such as:
SNMP Dictionary Attack: like SNMP Brute Force Attack, it is used to search for community strings, but with the dictionary method: build a dictionary of strings that may be community strings, then scan and compare the two strings; if they match, the string is the community string. Whether the scan succeeds depends entirely on the dictionary you build.
Remote TCP Session Reset: lets the administrator display all active sessions on terminal servers, routers, dial servers or access servers and easily reset any session.
c) Introducing Microsoft Baseline Security Analyzer (MBSA)
Helps administrators analyse the security state of Windows Server systems, and even gives useful information and advice to ordinary computer users. The software provides a security monitoring and analysis tool, offered free of charge by Microsoft. The program interface:
The program can scan in two modes: scan one computer or scan multiple computers.
Now we run the scan: the NMS PC, with MBSA installed, scans the Agent PC
Set the parameters as follows:
Check for Windows administrative vulnerabilities
Check for weak passwords
Check for IIS administrative vulnerabilities
Check for SQL administrative vulnerabilities
Check for security updates
Start scan -> results as follows:
The weak password scan gives the following result
Two accounts use passwords that never expire: Administrator and Guest
Administrative Vulnerabilities
Internet Information Services (IIS) Scan Results
SQL Server Scan Results
After the scan, the returned results are the Security-related parameters shown above. From the warnings the program raises, the administrator can identify and promptly fix problems, and introduce stronger security policies.
Remarks: Microsoft provides this tool to supplement the limited tools of the Windows OS. It helps the administrator proactively collect information about accounts, passwords,
III. Summary:
Security Management is an extremely important management function in a network. It requires the administrator to monitor the network closely, analyse suspicious behaviour and set policies that ensure good security.
The Windows OS has some built-in utilities that support the Security management function for the network administrator. The Domain Controller is an important application in security management; it requires appropriate policies as well as strict compliance by users.
The Solarwinds tool, a dedicated network management tool, has some more advanced features. Solarwinds' main purpose is managing two functions, performance and fault, quite thoroughly. On the Security side, Solarwinds helps the administrator collect information about the ports in the organisation, as well as recover community
For Security Management, the management does not involve many MIB parameters; a few MIB parameters can be examined:
sysContact: text identifying the contact person for managing this node, together with contact information for that node
sysObjectID: the vendor's authoritative identification of the network management subsystem in an entity. The identifier value is assigned within the SMI enterprises subtree (1.3.6.1.4.1); for example, if the vendor Flintstones, Inc. were assigned the subtree 1.3.6.1.4.1.4242, it could assign 1.3.6.1.4.1.4242.1.1 to identify its Red Router
ipDefaultTTL: the lifetime of an IP packet. If the lifetime is large, packets that cannot reach their destination loop in the network, and if many packets loop, the network slows down. A hacker can exploit this weakness by sending many looping packets to congest the network

ACCOUNTING MANAGEMENT
I. MIBs used for Accounting management:
System MIB
-sysName(1.3.6.1.2.1.1.5): name of the system
-sysDescr(1.3.6.1.2.1.1.1): description of the system
-sysContact(1.3.6.1.2.1.1.4): contact name for the system
-sysObjectID(1.3.6.1.2.1.1.2): ID of the system
-sysLocation(1.3.6.1.2.1.1.6): location of the system
-sysUpTime(1.3.6.1.2.1.1.3): time since the management subsystem was last re-initialised
-sysServices(1.3.6.1.2.1.1.7): a value indicating the set of services this system is able to provide
-sysORLastChange(1.3.6.1.2.1.1.8): the value of sysUpTime at the time of the most recent change in state or value of any instance of sysORID
-sysORTable(1.3.6.1.2.1.1.9):
- sysOREntry(1.3.6.1.2.1.1.9.1): a conceptual row in sysORTable
- sysORIndex(1.3.6.1.2.1.1.9.1.1): an auxiliary variable used to identify instances of the columnar objects in sysORTable
- sysORID(1.3.6.1.2.1.1.9.1.2): an authoritative identification of a capabilities statement for the MIB modules supported by the SNMPv2 entity acting in an agent role.
- sysORDescr(1.3.6.1.2.1.1.9.1.3): a textual description of the capabilities identified by the corresponding instance of sysORID
- sysORUpTime(1.3.6.1.2.1.1.9.1.4): the value of sysUpTime at the time this conceptual row was last instantiated
II. Case study:
- From the NMS management host, get information about the accounts present on an agent host.
Specifically, from the NMS 192.168.188.3, get the accounts present on the Agent 192.168.188.4
Procedure:
- Use IP Network Browser from the Solarwinds toolset to start the survey
Figure 1: Setup on the NMS host for the survey
Enter the agent's address 192.168.188.4 to survey. Run Scan Device with the community public. Open Wireshark to capture the packets for analysis.
Figure 2: Information in the packets captured during the run
Looking at figure 2 we see that initially:
- The NMS pings the Agent to see whether the address to be scanned exists, followed by the Agent's reply.
Figure 3: NMS packet requesting the sysObjectID.0 parameter
- Next the NMS retrieves the packets for sysObjectID.0, sysName.0 and sysDescr.0
Analysing these packets carefully, using the parameters captured by Wireshark, reveals the NMS's management process.
Figure 4: Parameters of the get-request sysObjectID.0 packet
Figure 4 shows the information in the get-request packet sent from the NMS.
- Here the get method of the SNMP protocol appears; the get is sent from the NMS as a request to the agent. The agent receives the request and processes it as best it can. If a device is heavily loaded, such as a router, it cannot answer the request and drops it. If the agent gathers the information needed for the request, it returns a get-response to the NMS.
- In this packet we note the variable-binding field. This field holds the list of MIB objects the NMS wants to get from the agent. The agent reads the question in the form OID=value to find the information to answer. Figure 4 shows one item the NMS wants to know, namely the MIB object sysObjectID.
- The number 1.3.6.1.2.1.1.2.0 is an OID with the following meaning:
* 1.3.6.1.2.1.1 is the Object Identifier pointing to the system group in the MIB.
Specifically:
1: ISO-assigned OID
1.3: ISO identified organization
1.3.6: US Department of Defense
1.3.6.1: OID assignments from 1.3.6.1 - Internet
1.3.6.1.2: IETF management
1.3.6.1.2.1: SNMP-MIBv2
1.3.6.1.2.1.1: System-MIB
Next, .2 points to the 2nd field in the system table, sysObjectID
.0 is the row index in the system table; rows are numbered from 1 onward.
Figure 5: get-response sysObjectID.0 packet from the agent
Looking at the variable-binding field of the packet we identify its key information. When the NMS asks for the Agent's sysObjectID (1.3.6.1.2.1.1.2.0), the Agent looks up the MIB parameter in its table and answers 1.3.6.1.4.1.311.1.1.3.1.3, the Agent's Object Identifier. Looking it up in Microsoft's MSFT-MIB table:
Figure 6: Microsoft's MSFT-MIB table
From the table, with the Agent's answer 1.3.6.1.4.1.311.1.1.3.1.3, the Agent's ObjectID is: dc.
Analysing the sysName.0 and sysDescr.0 packets in the same way
Figure 7: get-request sysName.0 packet
With OID 1.3.6.1.2.1.1.5.0 the NMS requests a MIB parameter in the system table; row 5 is sysName.
Figure 8: get-response sysName.0 packet from the Agent
The Agent's answer to the NMS when asked for the host name is: WEB (underlined last line)
Figure 9: get-request sysDescr.0 packet
With OID 1.3.6.1.2.1.1.1.0 the NMS requests a MIB parameter in the system table; row 1 is sysDescr.
Figure 10: get-response sysDescr packet from the Agent
The Agent's answer to the NMS when asked about the host's configuration is: Hardware (underlined last line)
Next we examine the packets holding information about the accounts on the agent host. In Wireshark we captured the following packets with account information:
Figure 11: Packets holding information about the accounts
The NMS proceeds in the following steps:
Step 1: The NMS uses getnext to ask for information about the accounts on the Agent.
- Here the NMS uses getnext, unlike the get above. get-next issues a sequence of commands to retrieve information from a group in the MIB. The agent answers each object in the get-next query in turn, as with get, until the objects in the sequence are exhausted.
- Here we examine the first packet the NMS sends to the Agent when requesting information about the accounts on the agent.
Figure 12: The NMS's first getnext-request packet
The variable-binding field holds one request, with OID 1.3.6.1.4.1.77.1.2.25.1.1. Comparing with the LanMgr-MIB table
Figure 13: LanMgr-MIB (more can be found here)
Looking at the underlined line, the OID of this packet requests the account information in the svUserName branch of the svUserTable table under the sv table. Analysing this OID in detail, 1.3.6.1.4.1.77.1/.2.25.1.1 corresponds to
iso.org.dod.internet.private.enterprises.lanmanager.lanmgr-2/.server.svUserTable.svUserEntry.svUserName. Since this is a request packet, its value is null.
Figure 14: getnext-response packet from the Agent
On receiving the request from the NMS, the Agent looks up its MIB table and returns the nearest value it has, in the figure value(Octet String): 47775657374, i.e. the account Guest (last line). In detail:
- On receiving the request OID 1.3.6.1.4.1.77.1.2.25.1.1, the Agent goes to the svUserName branch of the svUserTable table under the sv table, records the parameters and answers the NMS. The answer to the NMS has OID 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116; the Agent sends the NMS the first account, 5.71.117.101.115.116, and decoding these octets gives the account Guest.
Then, after the NMS receives the answer to its question about the first account in the svUserName branch, it continues with the next request, seen in Wireshark as follows:
Figure 15: The second getnext-request packet from the NMS
The packet parameters show the NMS using getnext-request. The packet's OID is 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116, meaning the NMS asks the Agent for the parameters of the account after the Guest account just received. As a request packet, its value is null.
Figure 16: The Agent's reply on receiving the 2nd getnext-request
On receiving the NMS's request for the account after Guest, the Agent looks up its MIB table and returns the value after Guest, in the figure value(Octet String): 6B7262746774, i.e. the account krbtgt (last line). In detail:
- On receiving the request OID 1.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116, the Agent goes to the svUserName branch of the svUserTable table under the sv table, records the parameters of the entry after Guest and answers the NMS. The answer to the NMS has OID 1.3.6.1.4.1.77.1.2.25.1.1.6.107.114.98.116.103.116; the Agent sends the NMS the next account, 6.107.114.98.116.103.116, and decoding these octets gives the account krbtgt (the account of the Kerberos Key Distribution service).
In the same way, the NMS receives the next accounts on the Agent:
Figure 17: The Agent's reply with account IUSR_WEB
Account IUSR_WEB (a special account used for anonymous access in the IIS service) has value(Octet String): 49555352F574542, i.e. account IUSR_WEB
Figure 18: The Agent's reply with account IWAM_WEB
Account IWAM_WEB (the account IIS uses to start application processes on the IIS host) has value(octetString): 4957414D5F574542, i.e. account IWAM_WEB
Figure 19: The Agent's reply with account Administrator
Account Administrator (a special account with full rights on the host) has value(octetString): 41646D696873747261746F72, i.e. account Administrator.
Figure 20: The Agent's reply with account SUPPORT_388945a0
Account SUPPORT_388945a0 (the account used for support services) has value(octetString): 535550504F33383934356130, i.e. account SUPPORT_388945a0
At this point, as above, the NMS sends a getnext-request asking for the account after SUPPORT_388945a0, and the Agent replies as follows:
Figure 21: Reply after receiving the getnext-request for the account after SUPPORT_388945a0
On receiving the NMS's next request, the Agent continues down the svUserName table, but there are no more accounts, so it replies to the NMS that it has moved on to another table, svShareNumber, OID 1.3.6.1.4.1.77.1.2.26. Thus the accounts the NMS asked for are exhausted; the value is now Integer32: 3, i.e. integer: 0, end of values.
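The OID decoding in the explanation of 1.3.6.1.2.1.1.2.0 above and the getnext walk over svUserName just described, as one added Python example that is not part of the report or of the Solarwinds tool. It names each known OID prefix, encodes and decodes the svUserTable string index (length followed by one sub-identifier per byte, which is how 5.71.117.101.115.116 becomes Guest), converts the hex Octet String values shown by Wireshark back to text, and simulates the agent answering getnext until the reply leaves the svUserName column and lands on svShareNumber. The account names and OIDs come from the report; the toy Agent class and the value 3 stored under svShareNumber are assumptions, and the hex values are computed from the names rather than copied from the screenshots.

```python
"""Decode the OIDs in the account walk and simulate the agent's getnext answers.

Added example, not part of the original report. The account names and the
OIDs (svUserName = 1.3.6.1.4.1.77.1.2.25.1.1, the svShareNumber object
1.3.6.1.4.1.77.1.2.26 that ends the walk, the system group 1.3.6.1.2.1.1)
are taken from the report; the toy Agent class and the value 3 stored under
svShareNumber are assumptions for the example. Hex octet strings are
computed from the names rather than copied from the screenshots.
"""

# Names for the OID prefixes the report walks through (mib-2 system group and LanMgr-MIB).
NAMES = {
    "1": "iso", "1.3": "org", "1.3.6": "dod", "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt", "1.3.6.1.2.1": "mib-2", "1.3.6.1.2.1.1": "system",
    "1.3.6.1.4": "private", "1.3.6.1.4.1": "enterprises",
    "1.3.6.1.4.1.77": "lanmanager", "1.3.6.1.4.1.77.1": "lanmgr-2",
    "1.3.6.1.4.1.77.1.2": "server", "1.3.6.1.4.1.77.1.2.25": "svUserTable",
    "1.3.6.1.4.1.77.1.2.25.1": "svUserEntry",
    "1.3.6.1.4.1.77.1.2.25.1.1": "svUserName",
    "1.3.6.1.4.1.77.1.2.26": "svShareNumber",
}
for _i, _col in enumerate(["sysDescr", "sysObjectID", "sysUpTime", "sysContact",
                           "sysName", "sysLocation", "sysServices"], start=1):
    NAMES["1.3.6.1.2.1.1.%d" % _i] = _col

SV_USER_NAME = "1.3.6.1.4.1.77.1.2.25.1.1"
SV_SHARE_NUMBER = "1.3.6.1.4.1.77.1.2.26"
# Accounts in the order the report's capture returned them.
ACCOUNTS = ["Guest", "krbtgt", "IUSR_WEB", "IWAM_WEB", "Administrator", "SUPPORT_388945a0"]


def oid_to_tuple(oid):
    return tuple(int(x) for x in oid.split("."))


def tuple_to_oid(t):
    return ".".join(str(x) for x in t)


def describe_oid(oid):
    """Replace each known prefix by its name: 1.3.6.1.2.1.1.2.0 -> iso.org...system.sysObjectID.0"""
    parts = oid.split(".")
    return ".".join(NAMES.get(".".join(parts[:i + 1]), parts[i]) for i in range(len(parts)))


def encode_string_index(name):
    """svUserTable is indexed by the account name: its length, then one sub-identifier per byte."""
    data = name.encode("ascii")
    return (len(data),) + tuple(data)


def decode_string_index(oid, column):
    """Recover the account name from an instance OID under `column`."""
    t = oid_to_tuple(oid)
    base = oid_to_tuple(column)
    if t[:len(base)] != base:
        raise ValueError("OID %s is not under %s" % (oid, column))
    length = t[len(base)]
    return bytes(t[len(base) + 1:len(base) + 1 + length]).decode("ascii")


def decode_octet_string(hexvalue):
    """The value field of a response as Wireshark shows it (hex) -> text."""
    return bytes.fromhex(hexvalue).decode("ascii")


class Agent:
    """Toy SNMP agent: ordered (OID, value) pairs plus a getnext lookup."""

    def __init__(self, accounts):
        base = oid_to_tuple(SV_USER_NAME)
        objects = {base + encode_string_index(a): a.encode("ascii").hex().upper() for a in accounts}
        objects[oid_to_tuple(SV_SHARE_NUMBER) + (0,)] = 3  # assumed value of the next object
        self.objects = sorted(objects.items())

    def getnext(self, oid):
        """(OID, value) of the first object lexicographically after `oid`, or None at the end of the MIB."""
        t = oid_to_tuple(oid)
        for key, value in self.objects:
            if key > t:
                return tuple_to_oid(key), value
        return None


def walk_accounts(agent):
    """Repeat getnext from svUserName until the answer leaves that column (table exhausted)."""
    names = []
    current = SV_USER_NAME
    while True:
        reply = agent.getnext(current)
        if reply is None:
            break
        oid, value = reply
        if not oid.startswith(SV_USER_NAME + "."):
            break  # e.g. svShareNumber.0: no more accounts
        names.append(decode_octet_string(value))
        current = oid
    return names


if __name__ == "__main__":
    print(describe_oid("1.3.6.1.2.1.1.2.0"))
    print(describe_oid(tuple_to_oid(oid_to_tuple(SV_USER_NAME) + encode_string_index("Guest"))))
    print(walk_accounts(Agent(ACCOUNTS)))
```

The walk stops on the first reply whose OID is outside svUserName, which is exactly the svShareNumber.0 reply the report shows in figure 21; a manager that kept issuing getnext from there would simply continue into the next LanMgr-MIB object.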
To verify the above process, open IP Network Browser, which gives the following result:
Figure 22: Account information of the Agent host checked through IP Network Browser
Compare with the parameters of the Agent host
Figure 23: The accounts on the Agent host
Remark: to get the accounts on the Agent host, IP Network Browser uses the host's community and the Get and Getnext operations to retrieve all the information in the Agent's MIB table and return it to the NMS

CONFIGURATION MANAGEMENT
I. Management model:
II. Exploring the network management tool: SolarWinds Orion Network Configuration Management (NCM)
1. Step 1: Installation
+ SQL Server 2005 Express
+ Orion NCM
2. Step 2: Create a database in SQL to record the management information:
3. Step 3: Discover and import the managed devices:
4. Step 4: View and set the initial baseline parameters
Installed Software:
-Running Software:
System MIBs:
sysDescr: a textual description of the managed object. This value usually includes the full name and version of the system's hardware type, operating system and network devices.
sysObjectID: identifier of the managed object
sysContact: contact name of the person managing this node
sysUpTime: time since the system was started
sysLocation: physical address of the managed node
sysServices: total services the node offers
Interface MIBs:
Performance management:
ifMtu: the size, in octets, of the largest packet that can be sent or received on this interface.
ifSpeed: the current bandwidth of the interface in bits per second. For interfaces whose bandwidth does not vary, or which cannot be estimated accurately, this value is the nominal bandwidth. If the bandwidth is larger than the maximum this variable can represent (4,294,967,295), the variable ifHighSpeed is used to represent the interface speed. For sub-layers with no concept of speed, the value is 0.
ifOperStatus: the current operational state of the interface: up, matching ifAdminStatus, if the interface is ready to send and receive traffic or is waiting for an external action (for example waiting for an incoming connection), and down when an error has occurred.
ifInUcastPkts: total unicast packets delivered by the lower layer to its upper layer
ifInNUcastPkts: total packets delivered by the lower layer to the upper layer that were addressed to a multicast or broadcast address of the lower layer.
ifOutOctets: octets leaving the interface
ifOutUcastPkts: unicast packets leaving the interface
ifOutNUcastPkts: non-unicast packets leaving the interface
Fault management: ifInErrors: for packet-oriented interfaces, the number of inbound packets that contained errors; for character-oriented interfaces, the number of inbound transmission units that contained errors; these are prevented from being delivered to a higher-layer protocol.
ifOutErrors: errors in outbound packets
ifInUnknownProtos: total packets received via the interface that were discarded because of an unknown or unsupported protocol.
ifInDiscards: inbound packets discarded
ifOutDiscards: outbound packets discarded
ifLastChange: the last time the interface changed state
ifOutQLen: length of the outbound packet queue
Route Table: ipRouteDest: route destination
ipRouteIfIndex: route index
ipRouteMetric: metric of the route. If not set, the default is -1
ipRouteNextHop: next hop on the path
ipRouteType: type of path (direct, indirect)
ipRouteProto: routing protocol
ipRouteAge: age of the route
ipRouteMask: subnet mask for the IP address
IP MIBs:
Performance management:
ipInReceives.0: total packets received at this interface, including those received in error.
ipInDelivers.0: packets received and delivered to the upper layer
ipOutRequests.0: packets the upper layer requested to be transmitted
ipReasmTimeout.0: maximum time (in seconds) to wait for the fragments of a packet awaiting reassembly.
ipReasmReqds.0: number of IP fragments received that needed to be reassembled.
ipReasmOKs.0: number of IP packets successfully reassembled. Since no packet was fragmented, this field is 0.
ipReasmFails.0: number of failures detected by the IP reassembly algorithm.
ipFragOKs.0: number of IP packets successfully fragmented.
ipFragFails.0: number of IP packets discarded because they could not be fragmented.
ipFragCreates.0: number of IP fragments generated during fragmentation.
Fault management:
ipInHdrErrors.0: errors in the header
ipInAddrErrors.0: errors in the address
ipForwDatagrams.0: datagrams forwarded
ipInUnknownProtos.0: total packets received that were discarded because of an unknown or unsupported protocol.
ipOutNoRoutes.0: outbound packets with no route
ipInDiscards.0: number of inbound IP packets for which no problem prevented further processing but which were discarded for reasons other than errors (for example, lack of buffer space).
ipInDelivers.0: total inbound packets successfully delivered to IP user protocols (including ICMP).
ipOutDiscards.0: number of outbound packets for which no problem prevented transmission but which were discarded for reasons other than errors (such as lack of buffer space).
ipOutNoRoutes.0: number of IP packets discarded because no route could be found to transmit them to their destination. Note that this includes any packets a host cannot route because all its default routers are down.
TCP MIBs:
Performance management:
tcpActiveOpens: number of times TCP connections made a direct transition to SYN-SENT from CLOSED
tcpPassiveOpens: number of times TCP connections made a direct transition
tcpAttemptFails: number of failed connection attempts
tcpEstabResets: number of resets that occurred
tcpCurrEstab: number of connections whose current state is ESTABLISHED or CLOSE-WAIT
tcpInSegs: total segments received
tcpOutSegs: total segments sent
tcpRetransSegs: total segments retransmitted
tcpOutRsts: total segments sent
Fault management:
tcpAttemptFails: number of failed connection attempts
tcpEstabResets: number of resets that occurred
tcpRetransSegs: total segments retransmitted
tcpInErrs: total segments received in error
tcpRtoAlgorithm: the algorithm used to determine the timeout value for retransmitting unacknowledged octets
tcpRtoMin: minimum value permitted by the TCP implementation for the retransmission timeout
tcpRtoMax: maximum value permitted by the TCP implementation for the retransmission timeout
tcpMaxConn: maximum number of TCP connections
tcpConnState: state of the connection
UDP MIBs:
Performance management:
udpInDatagrams: total UDP datagrams delivered to UDP users
udpNoPorts: total UDP datagrams received for which there was no application at the destination port
udpInErrors: total UDP datagrams received that could not be delivered for reasons other than the lack of an application at the destination port
udpOutDatagrams: total UDP datagrams sent from this entity.
ICMP MIBs:
Performance management
icmpInMsgs: total ICMP messages received
icmpInErrors: number of ICMP messages received with errors
icmpInDestUnreachs: number of ICMP Destination Unreachable messages received
icmpInTimeExcds: number of ICMP Time Exceeded messages received
icmpInParmProbs: number of ICMP Parameter Problem messages received
icmpInSrcQuenchs: number of ICMP Source Quench messages received
icmpInRedirects: number of ICMP Redirect messages received
icmpInEchos: number of ICMP Echo request messages received
icmpInEchoReps: number of ICMP Echo reply messages received
icmpInTimestamps: number of ICMP Timestamp request messages received
icmpInTimestampReps: number of ICMP Timestamp Reply messages received
icmpInAddrMasks: number of ICMP Address Mask Request messages received
icmpInAddrMaskReps: number of ICMP Address Mask Reply messages received
icmpOutMsgs: total ICMP messages the entity attempted to send
icmpOutErrors: total failed attempts to send ICMP messages
icmpOutDestUnreachs: number of ICMP Destination Unreachable messages sent
icmpOutTimeExcds: number of ICMP Time Exceeded messages sent
icmpOutParmProbs: number of ICMP Parameter Problem messages sent
icmpOutSrcQuenchs: number of ICMP Source Quench messages sent
icmpOutRedirects: number of ICMP Redirect messages sent
icmpOutEchos: number of ICMP Echo Request messages sent
icmpOutEchoReps: number of ICMP Echo Reply messages sent
icmpOutAddrMasks: number of ICMP Address Mask Request messages sent
icmpOutAddrMaskReps: number of ICMP Address Mask Reply messages sent
Fault management:
icmpOutMsgs: total ICMP messages the entity attempted to send
icmpOutErrors: total failed attempts to send ICMP messages
icmpInRedirects: number of ICMP Redirect messages received
SNMP MIBs:
Performance management:
snmpIn/OutTotalReqVars: number of MIB objects successfully retrieved as the result of receiving valid get-request and get-next PDUs / generated
snmpIn/OutGetRequests: number of get-request PDUs accepted and processed / generated
snmpIn/OutGetNexts: number of get-next PDUs accepted and processed / generated
snmpIn/OutGetResponses: number of get-response PDUs accepted and processed / generated
Fault management:
snmpIn/OutTooBigs: number of SNMP PDUs delivered to / generated by the SNMP protocol entity with an error-status field of tooBig.
snmpIn/OutNoSuchNames: number of SNMP PDUs delivered to / generated by the SNMP protocol entity with an error-status field of noSuchName.
snmpIn/OutBadValues: number of SNMP PDUs delivered to / generated by the SNMP protocol entity with an error-status field of badValue.
snmpIn/OutGenErrs: number of SNMP PDUs delivered to / generated by the SNMP protocol entity with an error-status field of genErr.
5. Setting up the Event Log:
Stores detailed records of events, which helps in tracking and troubleshooting anomalies.
NCM provides a very convenient function for tracking and updating configuration information: config download. With this function, the admin can download the configuration information from the device and compare it with the established baseline values or with previously downloaded configurations, or simply back it up.
However, this function did not work normally: errors always occurred, and it could not automatically download any of the needed information from the managed device. The tracking and update functions based on the syslog file therefore could not work either. So all configuration changes are tracked manually, based on the MIB parameters, and monitored in real time together with the CPU load.
6. Real-time monitoring of the device's baseline values:
CPU load:
III. Case Study:
With demand for web access rising both from outside and from inside, the Webserver became overloaded. The proposed measure for keeping the network stable is to build a second Webserver and add it to the system.
IV. Drafting a configuration change request and analysing the related security impacts
CONFIGURATION CHANGE REQUEST
WEBSERVER SYSTEM
Source:
Requester: V Th Hong Yn
Position: Administrator
Phone: 0932068802
Organisation: Hc vin cng ngh Bu chnh vin thng (Posts and Telecommunications Institute of Technology)
Description of the situation: the Webserver is at risk of overload because the number of visitors to the company website keeps growing.
Proposed solution: build a second Webserver and add it to the system. Urgency: Medium
Analysis file:
Current system activity:
CPU continuously running at close to maximum
TCP volume increased significantly
IP volume increased significantly
Traffic through the interface increased significantly
Utilisation constantly at a rather high level
Trial after adding a second Webserver:
The system returned to normal operation at the baseline set earlier. This shows the Server was overloaded, not under a DoS attack.
Incurred costs:
Server installation cost: $2000
Operating cost: $500
Management cost: $500
Maintenance cost: $500
Training cost: $100
Accompanying analysis parameters:
IP:
TCP:
If:
CPU:
Utilization:
SUMMARY
In this report we explored most of the main functions of two network management tools: Performance on Windows Server 2k3 and Solarwinds. The Performance tool is simple and intended only for non-professional administrators, while Solarwinds is a commercial tool (high price) used by both non-professional and professional administrators. In more detail, we drew the following conclusions:
Windows' RPC mechanism, with TCP support, allows information to be exchanged reliably. All information in the Data part of RPC is encrypted. However, the drawback is that RPC requires the service to be provided on the hosts. If RPC is not running, the Windows tools (applications such as Performance) do not work either.
From a Security standpoint, allowing RPC to run is not safe. If not well controlled, a hacker can attack the network through RPC. In addition, the Windows tools rely on Windows account authentication, which makes remote administration difficult (especially over a WAN).
The Solarwinds tool runs on traditional SNMP, transported in UDP packets. It is therefore independent of the RPC remote invocation mechanism, and it operates more safely than the Windows tool, especially over a WAN. But the information is transmitted as plain text, including the community string, which violates data confidentiality.
Comparison table:

PERFORMANCE | SOLARWIND
Simple, provides little information | Very detailed, provides much information
Complicated to manage: requires a Windows account and adjusting some configuration parameters | Simple to use, runs over the SNMP protocol
For non-professional administrators | For professional administrators
Mainly used to collect information | Allows both get and set
Free (built into Windows from version 2000 onward) | High cost
[Diagram residue from embedded Visio objects; recoverable labels: DCE RPC Request, DCE RPC Response, ACK; Set the threshold value, Monitor whether the value exceeds the threshold, Send notification; get-request, get-response]