Monitoring and diagnostics capabilities for unified communications systems are becoming more important and there is a wealth of information that can be cost effectively collected within an Enterprise communication system.
1. Introduction
While monitoring a communications system is not a new concept, applying these
techniques to enterprise communication systems is still a young science. This field
has only really opened up in the last 10 years with the introduction of IP and IP-based
protocols (like SNMP) and web-based management systems which allow system
administrators access to low cost tools for Enterprise communication systems. Monitoring
solutions are often used to augment an element management system in implementing
an FCAPS model to manage a communication network.
The purpose of this white paper is to give a simple overview of what can be monitored in
an Enterprise communication system.
1.1 Definitions
The following definitions shall be used within this document:
EMS – Element Management System
FCAPS – Fault, Configuration, Accounting, Provisioning, Security
IP – Internet Protocol
IP-PBX – IP-based Private Branch Exchange
LAN – Local Area Network
MAC – Media Access Control (address)
MOS – Mean Opinion Score
MPLS – Multi-Protocol Label Switching
NMS – Network Management System
OSS – Operations Support System
PBX – Private Branch Exchange
PRI – Primary Rate Interface (ISDN trunk)
PSTN – Public Switched Telephone Network (also called Telco)
RBOC/CLEC – Regional Bell Operating company/Competitive Local Exchange Carrier
SIP – Session Initiation Protocol
SNMP – Simple Network Management Protocol
SYSLOG – SYStem LOG
TMS – Telecommunication Management System
UC – Unified Communications
WAN – Wide Area Network
Monitoring An Enterprise UC Environment PAGE 3
2. Why monitor your UC system?
There are typically five main benefits to organizations that monitor their network. These
benefits include:
• Reduce fault resolution time
• Mitigate/eliminate problems in the network before they happen
• Optimize WAN bandwidth and PSTN circuit utilization
• Compliance to regulatory and IT initiatives
• Improve asset & inventory management
One of the first benefits to monitoring your UC network is the ability to reduce fault
resolution time. There are several tool sets that are typically found in a monitoring
solution which include:
• Log analysis
• Correlated events & root cause analysis
• Diagnostic tools (call trace, trunk tester, voice quality testing)
These tools can be used to resolve instances faster than manual processes. This can be
especially true when trying to analyze logs. It is often very difficult to manually find all the
clues needed in a short period of time. Logs that contain search strings and correlation
capabilities can dramatically improve fault diagnosis time.
A good UC monitoring solution will also take different pieces of information, say different
alarms, and correlate them to point an administrator to possible sources of the problem.
This correlation is often very fast and might even be provided at the same time the
alarms are escalated to the human interface. This can save minutes/hours of time over
the ‘trial and error’ approach in debugging problems.
[Figure 1: chart comparing manual resolution time and monitoring tool resolution time, in minutes, for log analysis, root cause analysis and diagnostics.]
Figure 1: Fault Resolution Time Comparison. Source: ShoreTel research conducted in 2011
In addition, there are often diagnostic tools provided with monitoring solutions to help
isolate the problem. There are various useful tools out there like call trace and trunk
testing tools. Another useful tool is a voice quality analysis tool that can provide voice
quality details as well as mean opinion score analysis to provide an objective analysis of
calls that have been labeled “poor” within your network.
A second fundamental benefit of monitoring capabilities is the ability to mitigate and/or
eliminate problems in the network before they happen. This is typically accomplished
with integrated tools that provide performance thresholds, historical trending and a
system health tool. By using these tools, administrators can be proactive about problems
with the unified communications system as these tools provide the ability to characterize
the system to establish “normal” behavior and then, as a byproduct, define “abnormal”
behavior. Once abnormal behavior is found, it can be analyzed before it escalates and
becomes a “problem”.
Optimization is the third benefit. Monitoring functionality allows system operators to
verify bandwidth consumption during periods of both high and low traffic. This means
that both the IP (WAN) network and the Telco circuits (e.g. PRI’s, T1’s, SIP trunks, etc.)
can be analyzed to verify that they support the committed/burst rates that have been
negotiated with the different service providers. This can be especially important when
using MPLS vendors.
Other optimization tools can provide traffic capacity dimensioning for the trunks as
well as the IP network. If you have a good IP-PBX provider, then they have the ability to
provide least cost routing that can be combined with your specific traffic patterns and
allow you to further optimize your network and trunking to keep transmission costs as low
as possible.
Compliance to regulatory and your own IT department initiatives can often be improved
by using monitoring capabilities. One example is the ability to actively record who
accesses network resources. This and other information is often captured and saved
within system logs that create audit trails. Monitoring functionality also exists to help you
analyze whether specific incidents that took place (or are taking place) in your network
are security threats or simply an issue with the system configuration or operation.
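
The kind of log analysis described above, as an added example (not from the original paper): failed logins are pulled out of syslog lines and grouped by source address to separate a pattern that looks like a security event from one that looks like a configuration problem. The log lines, the message layout and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines; the message layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
<38>Mar  4 09:00:01 pbx1 mgmt: login failed user=admin src=203.0.113.7
<38>Mar  4 09:00:03 pbx1 mgmt: login failed user=root src=203.0.113.7
<38>Mar  4 09:00:05 pbx1 mgmt: login failed user=operator src=203.0.113.7
<38>Mar  4 09:01:00 pbx1 mgmt: login failed user=ext2041 src=10.1.20.44
<38>Mar  4 09:02:00 pbx1 mgmt: login failed user=ext2041 src=10.1.20.44
<38>Mar  4 09:03:00 pbx1 mgmt: login failed user=ext2041 src=10.1.20.44
<38>Mar  4 09:04:10 pbx1 mgmt: login failed user=jsmith src=10.1.20.9
<38>Mar  4 09:04:30 pbx1 mgmt: login ok user=jsmith src=10.1.20.9
"""

LINE = re.compile(r"^<\d+>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) \S+: "
                  r"login (failed|ok) user=(\S+) src=(\S+)$")

def parse(text, year=2011):
    """Return (timestamp, host, result, user, src) for each matching line.
    These timestamps carry no year, so the caller supplies one."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the padded day
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4), m.group(5)))
    return events

def triage(events, window=timedelta(minutes=5), min_failures=3):
    """Label sources with a burst of failures inside `window` of their first one."""
    by_src = defaultdict(list)
    for ts, _host, result, user, src in events:
        if result == "failed":
            by_src[src].append((ts, user))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        burst = [f for f in fails if f[0] - fails[0][0] <= window]
        if len(burst) >= min_failures:
            users = {user for _, user in burst}
            # Many account names from one source suggests guessing; one account
            # failing repeatedly suggests a stale credential on a device.
            findings[src] = ("possible password guessing" if len(users) >= 3
                             else "likely misconfigured client")
    return findings
```

The labels are starting points for an administrator's review, not verdicts; a single typo followed by a successful login, like the last two lines of the sample, produces no finding.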
The last fundamental benefit of monitoring is to improve asset and inventory
management. Monitoring capabilities exist that allow you to label and track resources
in your network by MAC and/or IP address. This can be especially useful for tracking
telephones that have “moved” locations, as well as users themselves that have relocated.
Other uses include quickly determining software levels for various components within the
network to help determine if an upgrade is required or has already been performed or if
there is a mismatch in functionality due to an incorrect mixture of revision levels.
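
The asset tracking described above, as an added example (not from the original paper): two inventory snapshots keyed by MAC address are compared to find phones that moved, appeared or disappeared, and devices whose software level differs from the expected one. The record fields, model names, versions and addresses are constructed assumptions.

```python
import re

def norm_mac(mac):
    """Normalize 02-00-00-AA-BB-01, 0200.00aa.bb01, etc. to 02:00:00:aa:bb:01."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def index(snapshot):
    """Key a list of device records by normalized MAC address."""
    return {norm_mac(d["mac"]): d for d in snapshot}

def diff_inventory(previous, current, expected_sw):
    """Return (mac, finding) tuples for changes between two snapshots."""
    prev, curr = index(previous), index(current)
    findings = []
    for mac in sorted(curr):
        now, before = curr[mac], prev.get(mac)
        if before is None:
            findings.append((mac, "new device"))
        elif before["ip"] != now["ip"] or before["site"] != now["site"]:
            findings.append((mac, f"moved {before['site']}/{before['ip']}"
                                  f" -> {now['site']}/{now['ip']}"))
        want = expected_sw.get(now["model"])
        if want is not None and now["sw"] != want:
            findings.append((mac, f"software {now['sw']}, expected {want}"))
    findings += [(mac, "missing") for mac in sorted(set(prev) - set(curr))]
    return findings

# Constructed snapshots; model names, versions and sites are placeholders.
PREVIOUS = [
    {"mac": "02-00-00-AA-BB-01", "ip": "10.1.20.44", "site": "HQ-2F",
     "model": "phone-A", "sw": "4.1"},
    {"mac": "02-00-00-AA-BB-02", "ip": "10.1.20.45", "site": "HQ-2F",
     "model": "phone-A", "sw": "4.1"},
]
CURRENT = [
    {"mac": "0200.00aa.bb01", "ip": "10.3.8.12", "site": "Branch-1",
     "model": "phone-A", "sw": "4.1"},
    {"mac": "02:00:00:aa:bb:03", "ip": "10.1.20.50", "site": "HQ-2F",
     "model": "phone-A", "sw": "3.9"},
]
EXPECTED_SW = {"phone-A": "4.1"}
```

Normalizing the MAC first matters because different tools print the same address with different separators and case, which would otherwise show up as one device missing and another one new.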
3. What can and should be monitored?
With the advent of protocols like SNMP, there is a wealth of information that can be cost-
effectively collected within an Enterprise communication system. However, three key
questions still remain, no matter what size the network:
• What kind of information do I need?
• How much information do I really need?
• What do I do with the information once I have it?
The first task is to determine what kind of information you need and why. There is a lot
of information available in a communications network, not including the router or LAN
switch information. For instance, consider Figure 2.
[Figure 2: network diagram. Labeled elements: phone switches, IP phones, remote phone, third party phone, Communicator and soft phone, mobility clients, video clients, voicemail, conference bridge, video conference bridge, contact center, application server, ShoreTel mobility router, new SIP gateway, analog & digital trunks, SIP trunks, carrier trunks, RBOC/CLEC, Internet, VPN, third party devices with SNMP MIB, management system, reporting package, third party NMS, SNMP, SYSLOG, WMI, and diagnostic tools (call tracking, VQ monitoring, trunk test tool, logging, WAN utilization tool, system health tool, capacity planning).]
Figure 2: Typical Unified Communications Network Example
There are all kinds of equipment and circuits in a typical UC network that can provide
information. Some examples include:
• Telephone switches
• Media gateways
• User telephones
• User applications – softphones, conference bridges, video, wireless, etc.
• Application server equipment (CPU usage, temperatures, power levels, etc.)
• PSTN equipment
• Security and other equipment
In fact, when you start to dive into this you’ll find that there is an astonishingly large
quantity of information available. Too much information in fact. So, the question comes
back to your business needs – what kind of information do you need? Do you really want
to constantly monitor your servers and user telephones? Most implementations start
off small by focusing on the telephone switches, media gateways and trunking circuits;
basically everything needed to keep voice calls (except for the phones) up and running.
Applications and application servers are typically monitored as well, but only at a high
level until the system administrator gets a handle on their UC network.
The next question is usually how much information is needed? Alarm information is
always the first set of information you need to know about. Are there critical faults
happening within the VoIP switches, media gateways or application servers? Or are there
any major faults, like important services that have stopped running? However, even for
alarm information, you will reach a point where you can fall into an information overload
situation. For instance, do you really need to know about every telephone that is out of
service? For small companies (with fewer than 25 phones) or enterprises with a larger IT
staff, the answer could very well be “yes” but for a medium size business this may be
more of a distraction than important information. You need to ask yourself, how many
phones do you really need to monitor? How many can you realistically monitor?
In addition to capturing critical and major equipment alarm information, you may want
to set alarm thresholds. You probably don’t need to know every time there is a change
within a particular device but you do want to know if there is some “critical” impacting
change. For instance, your network is still up and running but you have reached 80% of
your maximum bandwidth. While this event isn’t stopping you from conducting business,
systems often start exhibiting “weird” behavior at high performance levels. So, it’s good
information to know as well as the alarm information.
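
The 80% bandwidth threshold described above, as an added example (not from the original paper): utilization is computed from successive polls of an SNMP interface octet counter such as ifInOctets, allowing for the 32-bit counter wrapping between polls. The link speed, poll interval and counter values are constructed.

```python
COUNTER32_MAX = 2**32  # ifInOctets/ifOutOctets are 32-bit counters and wrap

def octet_delta(prev, curr, modulus=COUNTER32_MAX):
    """Octets transferred between two polls, allowing for one counter wrap."""
    return curr - prev if curr >= prev else modulus - prev + curr

def utilization(prev, curr, interval_s, link_bps):
    """Fraction of link capacity used over the polling interval."""
    if interval_s <= 0 or link_bps <= 0:
        raise ValueError("interval and link speed must be positive")
    return octet_delta(prev, curr) * 8 / (interval_s * link_bps)

def check_thresholds(samples, link_bps, warn=0.80):
    """samples: list of (timestamp_s, octet_counter) in poll order.
    Returns (timestamp, utilization) for each interval at or above `warn`."""
    alarms = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        used = utilization(c0, c1, t1 - t0, link_bps)
        if used >= warn:
            alarms.append((t1, round(used, 3)))
    return alarms

# Constructed polls of a 10 Mbit/s WAN link, taken every 300 seconds.
LINK_BPS = 10_000_000
SAMPLE_POLLS = [
    (0,   4_000_000_000),
    (300, 4_150_000_000),  # 150,000,000 octets -> 40% utilization
    (600,   170_032_704),  # counter wrapped; 315,000,000 octets -> 84%
    (900,   245_032_704),  # 75,000,000 octets -> 20%
]

if __name__ == "__main__":
    for when, used in check_thresholds(SAMPLE_POLLS, LINK_BPS):
        print(f"t={when}s utilization {used:.0%} is at or above the threshold")
```

The wrap handling assumes at most one wrap per interval; on fast links a 32-bit counter can wrap more than once between polls, which is why the 64-bit ifHCInOctets and ifHCOutOctets counters are preferred where the device supports them.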
High level status and performance information is also a good set of data to have. This
information often allows you to get a quick glimpse of the network without investing
much effort. It’s something you can look at when time permits to give you a “feel” for
your network and potentially prevent problems before they occur, especially in the area
of capacity. Monitoring data actually allows you to see how much bandwidth and how
many Telco circuits you really need. This then often leads to better dimensioning of your
network and ultimately cost savings. For instance, you don’t have to just “throw more
bandwidth” at a problem but can actually dimension the network for your needs.
The final question is what to do with all the information. This often depends upon the size
of your business. Small companies typically just use the built-in tools from a UC system
manufacturer. This provides a simpler configuration for you to manage with a lower cost
of entry into UC network monitoring.
Companies with medium size networks will often use a combination of the UC
manufacturer tools as well as 3rd party products. Examples here are to use a monitoring
application from the UC vendor and then augment it with diagnostic tools like Wireshark.
You might even add a simple SNMP monitoring tool, like SNMPc, to your equipment
portfolio for monitoring your LAN/WAN equipment.
Large networks often export the information from various network elements into a
network management system (NMS) where the information from multiple products is
consolidated and correlated. This typically requires the use of standardized protocols
like SNMP and SYSLOG by the network elements so that the NMS can collect the proper
information. As you can imagine, the level of complexity and cost dramatically increases
in this configuration but the capabilities available to a network administrator are usually
worth it.
4. Tool sets available
All right. Now you’re ready to set up a monitoring solution. You know what you want
to monitor, how much information you’ll want and what you plan to do with all the
information. Next you need to decide what kind of tools to use. The great thing is that
the available tool set has increased and diversified widely over the last 10 years.
The following list provides a starting point of available tool types. Please note that there
are lots of specific tools available that aren’t mentioned in this general list.
• UC equipment manufacturer monitoring functions
• NMS system
• Windows log viewer
• SYSLOG viewer
• SNMP-based tools
Starting with this list, it is up to you to determine what you need or don’t need. For
instance, a small to medium business may be fine with an element management system
along with diagnostics and monitoring tools that a UC product vendor will supply.
If so, there is no need to go to the expense and complexity of deploying a network
management system.
On the other hand, if you are an enterprise with lots of equipment and offices to monitor,
an NMS is probably a good choice. Even within the network monitoring category there
are lots of choices. There are lower cost tools like SNMPc, WhatsUp Gold, Splunk,
MonitorTools.com and the SolarWinds Orion Network Performance Monitor. On
the more expensive side there are full blown network management systems like HP
OpenView, Zyrion Network Management and Prognosis. At this point your budget usually
enters into the equation to help “focus” you on a specific category.
As a third alternative, if you feel comfortable with integrating specific tools into your own
configuration, then you may want to check out the plethora of available Windows log
viewers, SYSLOG viewers, and various SNMP-based tools. You can combine these tools
with the UC vendor’s tools to create your own solution.
The following lists are just some examples of tools that are either available for purchase
or as freeware:
Syslog viewer examples
• www.logrhythm.com
• www.kiwisyslog.com
• www.log-viewer.com
Windows log viewer examples
• Event Viewer in Microsoft Windows XP (built into operating system)
• www.poweradmin.com
• www.firegen.com
• www.eventconsolidator.com
• www.arcsight.com/Logger
Diagnostics tool examples
• NetIQ Vivinet Diagnostics
• Wireshark
• SolarWinds Log and Event Manager
• MonitorTools.com
5. Conclusion
Monitoring and diagnostics capabilities for unified communications systems are
becoming more important. Companies that are purchasing new systems should
investigate what kinds of built-in monitoring capabilities exist from their vendor (whether
they intend to use them initially or not) as this is a way to get low cost monitoring