How is vulnerability scanning accomplished?
There are four levels of Vulnerability Scanning, designated levels 1-4. The higher the level, the more intrusive the scan: Level 1 – port scanning, Level 2 – profiling, Level 3 – intrusion attempts, Level 4 – malicious intrusion attempts.

How are Service Level Availabilities calculated?
It is the number of successful polls divided by the number of attempted polls over the past 24 hours:

SLA percentage = (successful polls over past 24 hours) / (attempted polls over past 24 hours)

The calculation is completed over a rolling 24-hour window, and the 24-hour window size is not a user-configurable parameter.

How often are services polled?
The default polling interval is five minutes. Determining the most appropriate polling interval is always a challenge. More frequent intervals in larger networks can generate unacceptable network overhead. Longer intervals mean longer periods of potential downtime before an outage is identified. A five-minute polling interval provides a healthy balance between these risks. If your environment requires customization of these values, log in to your appliance as the administrator, visit the Admin->Configure Pollers page, and change the interval.
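
The rolling 24-hour calculation and the five-minute default interval from the two answers above, as an added example (not Raritan's code). The class and function names are hypothetical, the outage data is constructed, and two details are assumptions: the percentage is the ratio times 100, and a poll exactly 24 hours old has left the window.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)          # fixed window size, per the FAQ
POLL_INTERVAL = timedelta(minutes=5)  # default polling interval, per the FAQ


class RollingAvailability:
    """Successful polls / attempted polls over a rolling 24-hour window."""

    def __init__(self):
        self._polls = deque()  # (timestamp, succeeded), oldest first
        self._successes = 0

    def record(self, when, succeeded):
        self._polls.append((when, succeeded))
        self._successes += int(succeeded)
        # Assumption: a poll exactly 24 hours old is outside the window.
        cutoff = when - WINDOW
        while self._polls and self._polls[0][0] <= cutoff:
            _, ok = self._polls.popleft()
            self._successes -= int(ok)

    def percentage(self):
        # No attempted polls yet: report nothing instead of dividing by zero.
        if not self._polls:
            return None
        return 100.0 * self._successes / len(self._polls)


def simulate(outage_start_min, outage_len_min, total_hours):
    """Constructed sample: poll every 5 minutes, failing during one outage."""
    start = datetime(2024, 1, 1)
    tracker, history = RollingAvailability(), []
    t = start
    while t < start + timedelta(hours=total_hours):
        minute = (t - start).total_seconds() / 60
        ok = not (outage_start_min <= minute < outage_start_min + outage_len_min)
        tracker.record(t, ok)
        history.append((t, tracker.percentage()))
        t += POLL_INTERVAL
    return history


if __name__ == "__main__":
    # A 30-minute outage at hour 10 costs 6 of the 288 polls in a full window.
    for when, pct in simulate(600, 30, 50)[::72]:
        print(when.strftime("%d %H:%M"), f"{pct:.2f}%")
```

With five-minute polling a full window holds 288 polls, so the reported figure stays depressed until the failed polls age out 24 hours after the outage.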

Does CommandCenter NOC support multiple subnets?
Yes, CommandCenter NOC is able to manage multiple subnets with one hardware appliance. You can accomplish this by leveraging your WINS server if you have one, or by having a Windows proxy deployed in each subnet.

False alarms are always an issue for IT administrators. How does CommandCenter NOC control IDS false alarms?
Our IDS has a signature profiler which allows the administrator to tailor the IDS to the environment, thereby vastly reducing false alarms. This can even be done at the signature level.

What services and applications do you discover and monitor?
The list of services discovered and/or monitored includes the following:
- DHCP, DNS, EyeLID, FTP, HTTP, ICMP, IMAP, Informix, MSExchange, MySQL, MS SQL Server, OpenSSH, Oracle, POP3, PostgreSQL, Router, SMTP, SNMP, SNMPv2, Sybase
- ICMP - If a device responds to a "ping," which uses ICMP for its transport, the device will be flagged as supporting ICMP and will be tested for ICMP availability on the standard polling interval.
- MSExchange - If a device is determined to support MS Exchange, it means that we have discovered email-related services (IMAP, POP3, or SMTP) on one of its interfaces, and the banner received from that service identified the server as MS Exchange. The MS Exchange service indicates that the CommandCenter NOC was able to recognize that the server is MS Exchange, but due to potential configurations of the server that could disable banners, we do not guarantee that all MS Exchange servers will be identified as such.
- Router - If a device is identified to support the "Router" service, it must first support either SNMP or SNMPv2, and it must respond positively to a query of the .ipForwarding OID. This service is not polled on a regular polling interval, but instead is used to help maintain appropriate contextual displays in the CommandCenter NOC’s user interface.
- SNMP/SNMPv2 - Will discover if a device supports, specifically, SNMP version 2 (SNMPv2). SNMPv2 support implies that the device supports the GET-BULK operator, which allows the CommandCenter NOC to pull performance data from the device using a far more efficient query, reducing network overhead, and freeing up the CommandCenter NOC to poll the next device in less time. Note that if a device supports both SNMP (which implies SNMP version 1) and SNMPv2, the CommandCenter NOC will query the device with SNMPv2 only, as it's more efficient and there is no need to retrieve redundant data.

Does CommandCenter NOC only monitor a Microsoft server?
It can monitor a comprehensive list of server brands and types. It supports Microsoft servers via WMI and any other server that supports SNMP. It will also provide an up/down status of any device that it can ping.

Do we need to install any agent on the servers we monitor?
No agents are used. CommandCenter NOC leverages WMI and SNMP, which are typically already loaded on the target machines. Some Microsoft enterprise-level service monitoring features require WMI support to be enabled.

Will signatures for intrusion detection and vulnerability scans be maintained? How often will updates be available? How are customers charged for these updates?
Raritan will maintain and update signatures for customers who have support contracts. Customers pay for the signatures as part of their software support agreement.