1. Home
  2. Getting Started
  3. OmniCenter 11 Intro Guide – Part 4: Advanced Configuration Topics

OmniCenter 11 Intro Guide – Part 4: Advanced Configuration Topics

This is part 4 of the Intro Guide. See part 3 here.

Threshold Checks

OmniCenter threshold checks are a way of monitoring the utilization of resources (cpu, memory, bandwidth, etc.) on a specific device. They can record and report on occurrences of both high and low utilization, and even on a deviation from previous utilization (anomaly). It is important to understand that an OmniCenter threshold check is not simply a single threshold value; it’s a complete monitoring tool with many options and capabilities.

Threshold checks can be configured with two alarm states: WARNING and CRITICAL. WARNING states indicate that a resource has exceeded its normal range of acceptable values (high or low), but that the usage has not yet hit critical levels. CRITICAL states indicate that a resource’s usage has exceeded critical levels, which could create serious problems and should be addressed immediately. Both WARNING and CRITICAL alarms display on the OmniCenter dashboards, but only CRITICAL alarms open incidents.

See the threshold check entry for a thorough explanation of how threshold checks work and how to configure them.

Application Monitoring

Requirements for monitoring specific applications can vary widely, but a few applications which are often mission-critical that you should consider monitoring at the application level include SQL (MSSQL, Oracle, MySQL), web applications (including shared or cloud-hosted applications), email (locally hosted or cloud-based), and DNS.

Firewall Notes

  • SQL: OmniCenter will require SQL access to the server in question. MSSQL is often on the default port of TCP/1433. Oracle uses a complex series of ports, documented here. MySQL is often on port TCP/3306.
  • Web/Cloud: Port TCP/80 or TCP/443, or occasionally a custom port.
  • Email: SMTP on port TCP/25, TCP/587, or TCP/465; and IMAP on port TCP/143 or TCP/993.
  • DNS: Port UDP/53

Application Response Time (ART) Monitoring

The Application Performance dashboard of a WebART check. The devices from an associated strategic group can be seen in the lower right.

OmniCenter has two checks related to application response time, the WebART check and the email application check. Both use a form of synthetic monitoring to benchmark performance and check the availability of their respective applications. As their names imply, the email application check is for email servers, and the WebART check is for web-based applications.

The Application Performance dashboards for these checks display detailed performance data and breakdowns for each synthetic step in the check, as well as overall application status and total response time. Strategic groups can be associated with each check, so that their member devices will be displayed along with the check data, allowing you to look for correlations between device issues and network traffic problems. WebART checks can also have NetFlow data displayed for related applications, if desired.

There are no WebART or email application checks included by default in OmniCenter, so you will have to manually add any checks that you want included in your monitoring plan.

NetFlow

OmniCenter supports NetFlow (version 5 or 9), sFlow and IPFIX export from devices for traffic and protocol analysis and volume information. Flow export technologies such as these cause network devices (typically layer 3 devices like routers) to send “accounting level” information to OmniCenter (which includes source and destination address, port, protocol, and volume data) for reporting purposes, in order to provide deeper performance information.

NetFlow is a push technology and cannot be controlled from within OmniCenter. So, in order for it to work correctly, NetFlow must be properly configured by you, on each of the devices in your network from which you want OmniCenter to receive data. When configuring flow technologies such as these, the goal is to configure the fewest number of exporters possible while still insuring that OmniCenter can collect data on all the required traffic. To help avoid duplicate flow data in hub and spoke networks, configure all devices to send data only on the inbound or outbound interfaces, not both. However, for full mesh networks, it may be necessary to configure flow on both the inbound and outbound interfaces to prevent missed data. OmniCenter automatically detects and processes duplicate flows to avoid creating incorrect traffic counts, but this can use excessive resources if over-configured. The correct steps to properly configure NetFlow on your particular devices are outside the scope of the OmniCenter documentation. Therefore, it is highly recommended that you consult with your router or other device manufacturer to determine and understand these steps.

Once properly configured, NetFlow data is used to populate the “Traffic” widget on the Consolidated Dashboard, and can be associated with WebART checks and displayed alongside their application performance data to aid in troubleshooting.

General Recommendations

  • Use NetFlow Version 5 or greater.
  • Configure NetFlow to export to the host address of OmniCenter using port UDP/2055.
  • Configure sFlow to export to the host address of OmniCenter using port UDP/2056.
  • OmniCenter uses subnet information to correlate traffic with source/destination sites, so ensure that you have configured or detected the required subnets in OmniCenter.
  • Avoid creating duplicate flow reporting by configuring flow on the minimum number of interfaces possible to get the information your need.
  • Configure NetFlow on all of the outbound interfaces or all of the inbound interfaces only of layer 3 devices whenever possible.

OmniCenter supports multiple versions of NetFlow, including IPFIX, and by default is configured on port UDP/2055 originating from the device—but the port number can vary by environment.

Reports

OmniCenter is capable of many complex and in-depth reports, many of which are beyond the scope of this introductory guide. However, the OmniCenter Built-In Reports page has a good selection of basic reports that you can look at, with brief accompanying explanations. OmniCenter can also be instructed to send specific reports on a one-time or repeating schedule. To open the Built-In Reports page, select Reports → Built-In from the main menu.

The OmniCenter Mobile App

Integrating your OmniCenter appliance with the NetreoCloud enables several exciting features, such as:

  • Mobile app integration – You can install the free OmniCenter Mobile app on your iOS or Android device, and view and acknowledge incidents from anywhere. You can also receive push notifications for any alerts generated by OmniCenter.
  • Cloud Heartbeat – If your OmniCenter appliance loses connectivity to the Netreo Cloud, your mobile device will receive a push notification, allowing you to be alerted even if your Internet links or firewalls have all failed.

The OmniCenter mobile application now has it’s own knowledge base. Use the navigation menu at the top of the page, or click here.

Updated on February 8, 2019

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply