Obj #

730 Network Management Using ManageWise 2.6

Author: Maureen Fitzgerald Maureen.Fitzgerald@us.origin-it.com


Section 1 = The Purpose and Benefits of Using ManageWise


Describe the role of network management.

Gather information:

  • Create an inventory of existing network system
  • Monitor network devices
  • Gather information for evaluating system performances

Analyze data:

  • Perform network analysis, including analysis on early warning system
  • Identify existing and potential network problem 
  • Identify performance bottlenecks, bad equipment or configurations, and solutions to network problems

Perform preventative maintenance:

  • Install an integrated, network-wide virus protection system
  • Remotely access, manage, and trouble shoot network devices

Complete repairs:

  • Gather information about real-time problem notification, diagnosis, and solutions

Re-engineer existing systems, replace inadequate systems, and expand existing systems


Explain the management tasks supported by ManageWise.



  • Function:  creates and manages the Inventory database
  • Location:  runs on at least 1 server on the internetwork

·         Automatic discovery (NetExplorer software) – discover routers, servers, and workstations, regardless of protocol

  • Integrated graphical maps – show the devices on the network
    • Internetwork map = provides an overview of the network topology
    • Segment map = displays all the stations on a specific segment of the network
    • Custom map = can be setup to show the geographical location of sites and devices; also provides links to tools used to monitor and manage devices
  • Hardware and software inventory – scans each node for component information such as processor type, memory size, and installed software applications
  • IPX and IP address management  - display tabular report of network numbers in use
  • ZEN works integration – fully interoperable with ZENworks v1.0 or greater.
    • MW Console management operations:
      • Scan inventory
      • Execute remote programs
      • Control and reboot stations
      • Chat
      • Transfer files
      • View a workstation summary
      • Display device driver and ROM extension information
      • Examine CMOS configuration parameters
      • View interrupt vector information
      • Execute a ping test





  • Function:  Allows servers to be remotely managed
  • Location:  Runs on each server
  • Multiple server management  - (NW 3.1x, NW 3.2, NW 4.1x, NW SMP, NW SFT III, NW5)
  • Unattended monitoring – (24 x 7)
  • Server optimization – monitors file activity, volume data, disk drive configuration, total packets, CPU utilization, memory, and print services
  • Print queue monitoring – displays network print queue activity in tabular format and graphical format

DESKTOP MANAGEMENT - (Desktop Manager software)

  • Function:  allows the workstations to be remotely controlled and managed
  • Location:  contains elements that run on workstations and servers
  • Configuration management – request notification of changes to common configuration files (AUTOEXEC.BAT and CONFIG.SYS)
  • Remote desktop management – Control Station takes control of user’s desktop to troubleshoot, fix a problem, or show the user how to use an application
  • Chat – “talk” in real time to users through their desktop screens
  • File transfer – easily transfer files to a client PC on the network; user does not have to download files
  • Remote workstation reboot – reboot a user workstation after transferring files or updating configuration information


NETWORK DISCOVERY – (NetExplorer software)

·         Function:  discovers IP, IPX, and LANalyzer Agent information

·         Location:  funs on at least 1 server on the internetwork



  • Function:  gathers segment statistics and captures packets for troubleshooting purposes
  • Location:  runs on 1 server for each segment
  • Traffic analysis – identify overloaded network devices, segments, or users generating significant traffic, and rebalance the network load
  • Detailed troubleshooting – monitor and alert you to potential problems such as network errors, duplicate IP addresses, or network overload
  • Common network and protocol support – includes FDDI, Ethernet, Token Ring, and variants of these standards, such as 100Base-T.  Support also, AppleTalk, BOOTP, DHCP, IPX, NCL over IP, NetWare/IP, SLP, SMTP, SNMP, SNA or LLC2 and TCP/IP
    • 3 Different Network Traffic Analysis Utilities:
      • Segment Trends Graph
      • Network Dashboard
      • Top Stations Report













  • Function:  Provides virus protection for the internetwork
  • Location:  contains elements that run on workstations and servers
  • Comprehensive scanning – monitoring for viruses on all the workstations and servers on the internetwork
  • Continuous real-time protection – MW checks for infected files at many times:
    • As files are transferred to and from the server
    • During prescheduled and on-demand scanning of servers
    • During continuous scanning of the workstation or at login
  • Automatic maintenance – MW can be configured to automatically quarantine, rename, clean, or delete infected files
  • InocuLAN domains – provide centralized administration for all InocuLAN servers on your network. Configuration changes are automatically propagated to all InocuLAN servers in a domain
  • Multiple client support – MW includes support for most popular desktop operating systems, including:
    • MS-DOD, Windows 3.x/95/98/NT and MacOS



List the ManageWise components.


  • MW inventory Manager – creates and manages the inventory database; runs on at least 1 server on the internetwork
  • NW Management Agent software – allows servers to be remotely managed; runs on each server
  • Desktop Manager software – allows the workstations to be remotely controlled and managed; contains elements that run on workstations and servers
  • NetExplorer software – discovers IP, IPX, and LANalyzer Agent information; runs on at least 1 server on the internetwork
  • NW LANalyzer software – gathers segment statistics and captures packets for troubleshooting purposes; runs on 1 server for each segment
  • Cheyenne InocuLAN AntiVirus – provides virus protection for the internetwork; contains elements that run on workstations and servers


ManageWise Console – provides the graphical user interface (GUI) that allows you to manage your internetwork.









Section 2 = Installing and Configuring ManageWise


Install ManageWise on a NetWare server and a Windows workstation.


Verify system requirements:

  • NW 4.1x-based MW Server =
    • CPU 486/60 MHZ minimum, Pentium recommended
    • 48MB RAM minimum, 64MB recommended
  • NW 5-based MW Server =
    • CPU Pentium
    • 64MB RAM 64 MB minimum, 96MB recommended
  • all MW servers =
    • Network board with promiscuous mode driver
    • 27MB disk space
    • User account with Admin or Supervisor equivalent
  • NW Management Agent =
    • Supported platforms: NW5, NW 4.1x, NW 3.1x, NW SFT III, NW SMP, NWSB 4.11, NW/IP

Verify MW Console system requirements:

  • MW Console =
    • Support platforms: Win95 (with updates), Win95 OSR2, Win98 (32MB min, 64MB rec),WinNT WS SP3 (48MB min, 64MB rec)
    • CPU:  Pentium
    • Windows 95 or 98:
      • 32MB RAM minimum, 64MB recommended
    • Windows NT 4.0:
      • 48MB RAM minimum, 64MB recommended
    • Client Software:
      • Novell Client
      • ZENworks Client
    • VGA monitor, CD-ROM drive, 3.5” diskette drive, and mouse
    • Network board
    • 69MB of disk space for executable programs
    • 10 to 50MB of disk space for the ManageWise database
    • 18MB of disk space for SyncComplete and TrendComplete
    • Approximately 1.5MB of disk space per month for SyncComplete

Collect MW Server and Console information:

·         User account and password (Admin equivalent)

·         NetExplorer server name (3.12, 4.1x or later)

·         Update autoexec.ncf?

·         Update container or system login script?

·         MW 2.6 supports only NW 5 and NW 4.1x as MW servers

·         MW setup automatically updates AUTOEXEC.NCF, NET$LOG.DAT, AUTOEXEC.BAT, WIN.INI files

Prepare your system for installation:

·         verify minimum system requirements for the server

·         unload antivirus software on server

·         unload MW software on server

·         if upgrading, consult MWREADME.wri

·         verify minimum system requirements for the MW console WS

·         shutdown all applications in Windows

·         map a drive to MW server

Install and configure the MW software:

·         NetExplorer

·         NW Management Agent

·         NW LANalyzer Agent

·         Desktop Management Tools

·         InocuLAN

·         MW Console

·        TrendComplete/SyncComplete


Install the ManageWise product manuals

  1. From MW setup menu, select Install Manuals
  2. destination directory = G:\MWDOCS
  3. ....  (perform the installation, follow screens)
  4. To view the MW online Manuals, select Programs|Managewise|Online Manuals


Describe the post-installation procedure for ManageWise.

·         Synchronize the MW_LOGIN.DAT file on all servers

·         Enable the LANalyzer Agents

·         Enable IP packet forwarding, if necessary

·         Update MW_AUTO.NCF file on all servers

·         Restart all Netware servers

·        In MW Console select All|Network Segments, select network - Configure|Network Segment|Start Polling


Describe the modifications made to AUTOEXEC.NCF, MW_AUTO.NCF, MW_LOGIN.DAT, container Login Script, and System Login Script during ManageWise installation.


During MW installation the following changes are made:

  • Files are copied to the MW Server and MW Console computers
  • Several objects are added to the NDS database
  • Configuration files and login scripts are created or modified. These files include:



·         NMBASE.NCF

·         NETXPLOR.NCF

·         NMA2.NCF

·         MW_AUTO.NCF (Desktop Management)

·         START4.NCF (InocuLAN)


·         load user

·         load ldinv.nlm file=sys:mw\ldt

·         load ldiscan inv_serv=<server> file=sys:mw\ldt scannow


REM === ManageWise Desktop Management Include file for System Login ===
REM created:  Wed Mar 01 09:27:12 2000
#\\RUNW01\SYS\MW\LDT\LDISCNNT /NTI04465E6C:000000000001 /S="RUNW01" /V /i=\\RUNW01\SYS\MW\LDT\ldappl.ini
REM === End Include File ===


  1. Container login script:

REM ---- MANAGEWISE 2.6 -----
REM **** BEGIN ManageWise IPX Discovery of NT Workstn Section
REM **** END ManageWise IPX Discovery of NT Workstn Section
REM *** BEGIN ManageWise Desktop Management Section ***
MAP ins S1:=L:
MAP L:=S1:
MAP del S1:
REM *** END ManageWise Desktop Management Section ***


- similar to the changes to container login script.













Section 3 = Using ManageWise to Create a Database of System Components


Explain the ManageWise components and files that are responsible for the network discovery process.



·         NetExplorer:   runs on NetExplorer server

·         NetExplorer Manager:   runs on Managewise Console Station

·         NetExplorer writes discovered information to:


·         NetExplorer Server send records to SYS:\NMDISK\NETXPLOR.DAT to NetExplorer Manager on a MW Console station

·         NetExplorer Manager stores records in MW database on MW Console


·         NETXPLOR.NCF:

search add sys:\nmdisk
load sys:\nmdisk\netxplor
load sys:\nmdisk\nxpcon
load sys:\nmdisk\nxpip – collects TCP/IP-related data
load sys:\nmdisk\nxpipx – collects IPX/SPX-related data

load sys:\nmdisk\nxplanz – collects info from LANalyzer Agents

·        Discovery process:

o       IP discovery (using local router table info discover other routers and so on)

o        IPX discovery (NetExplorer server IPX address, LAN type of network boards, SAP. Then the same for each device listed in directory or bindery) Working directory sys:\nmdisk\nxpwork

o        Protocol-independent discovery (NXPLANZ identifies NW LANalyzer Agents, LANalyzer Agent on segment discover devices by MAC address in packets, NXPLANZ retrieves MAC address data by SNMP)

o        during initial discovery cycle, these modules run sequentially. Later they run concurrently (only new or changed data are send to NETXPLOR.NLM).

o       initial discovery can take from a couple of hours to several days.


Explain the function of the LANalyzer Console.


  1. LOAD LANZCON (F3 - toggle monitoring)
    2. Customize the operation of LANalyzer Agent.
    3. View statistical data including network adapter and LANalyzer Agent items.









Explain the function of the NetExplorer Console.


  • NXPCON configures and monitors NetExplorer on a NetExplorer Server
  • Used to schedule when discovery process cycles should be run
  • Status options:
         - NetExplorer Up Time – show time elapsed since NetExplorer started running
         -The number of Consoles Attached – can have up to 8 consoles attached

                       simultaneously to one NetExplorer Server

                 - NetExplorer System Status – shows overall status with 2 values:

o        Initial cycle in progress: at least 1 discovery module (NXPIP, NXPIPX, or NXPLANZ) has not yet completed its first cycle

o        Initial cycle completed: all modulaes have completed at least 1 pass

     - Module status – shows status of each module (NXPIP, NXPIPX, and NXPLANZ)

            and the number of cycles each module has completed. Status values:

o        Not Loaded

o        Waiting to Start

o        Running

o        Suspended

o        Completed

o        Unknown

  • NXPCON is automatically loaded when NetExploer (NETXPLOR) is loaded. NXPCON and NETXPLOR are typically loaded every time the server starts or reboots. However, you can also load NETXPLOR and NXPCON by typing LOAD NETXPLOR at the system console prompt.
  • To exclude a user from the discovery process, exclude the user's name using IPX discovery option.
  • For each NetExplorer Server, up to 10 MW Console stations can be attached.
  • NetExplorer and NetExplorer Manager can be scheduled but the two do not need to be synchronized.




Section 4 = Evaluating the Database


Prepare a detailed internetwork map through the use of the default Internetwork and Segment Maps.


Network documentation should include:

  • Maps that detail physical and logical layout of each network segment and their relationship to each other
  • Lists of addresses of all network devices and their locations:

MW provides three type of maps –

  • Internetwork Maps graphically depict the internetwork segments and routers, and the relationships among them.
  • Segment Maps detail each network segment, with icons representing the discovered devices
  • Custom maps show geographical or floor plan views.


MW automatically creates Internetwork and Segment maps based on info it gathers from NXPIPX (and NXPIP and NXPLANZ if running)


Internetwork map (File|Open|Internetwork map
     - can be in Tree (default) or Connected Graph formats. It shows the routers,  segments and logical connections between them.
     - In TREE view lines connecting routers and segments are called connection

     - Larger networks are best viewed as TREE.

Segment map (File|Open|Segment map)
      - shows WS (IBM and Apple), servers, printers, routers, mainframes etc. from   

         that segment.
      - allows access to MW database for each component.
      - segment map is a launching point to remotely monitor and manage stations


List all the discovered IP and IPX network addressess using ManageWise View All Tables.


1. View|All|IP Networks
          - lists network numbers, subnet masks, media type
          - This list is not dynamic. It remembers all IP addresses that have been used on this

2. View|All|IPX Networks
          - lists network numbers, media type, NW system names
          - if you have duplicate IPX addresses, they can be seen
          - similar to DISPLAY NETWORKS on NS server


List all the discovered Media Access Control (MAC) addresses using Desktop Manager.


  1. Select inventory server on segment map
  2. Tools|Desktop Manager
  3. View|Columns
  4. Available components -> Address >> OK
  5. ! You can save columns settings and later recall them from a list.


Inventory the internetwork's hardware and software using Desktop Manager's Query tool.


  • MW scanning applications:
    - LDISCAN.NLM (LDINV.NLM stores this information on specified inventory server)
    - MacScan (MACIPXGW.LAN driver translates AppleTalk and IPX)
  • automatically collect hardware and software information about servers and workstations. the scanned data stored in a Btrieve database on a MW server can be accessed through MW Console's Desktop Manager. Inventory on PC not connected to network - merge with inventory database.
  • In Desktop Manager close default display of the inventory database by double-clicking the inventory server icon


  • Select needed from Components list (Only previously discovered components and values are displayed)
  • You can edit query in Query Building Box
  • OK
  • View|Columns in order to see results.

! SYS:\MW\LDT\Changes.log is not enabled by default.


Use SyncComplete to create a unified database, post queries, and generate reports.


  1. SyncComplete include:
    - SyncComplete Database Integrator (1000 inventory servers!)
    - SyncComplete Console
  2. SyncComplete provides:
    - Database integration
    - Query tools
    - Network reports
    - Auditing tools
    - Configuration tracking
    - Configuration baseline comparison
    - Asset tags
  3. Database Administration Tool - > backup MW database
  4. SyncComplete Database Integrator -> Browse server -> select server and path to inventory database -> Add/Modify -> OK -> Process <server>
  5. Unified database can be viewed in 
    - Configuration summary
    - System information
    - Inventory change log
    - Identification
  6. SyncComplete provides advanced reporting features:
    - Segment reports
    - Network reports
    - Alarm reports
    - Miscellaneous reports
  7. Query:
    - click query
    - Target Box Type (all items) -> Query Component -> Operator -> Description -> Add to query -> Start query




Section 5 = Troubleshooting Login Problems


Verify that the server is accepting login attempts.


·         On the segment map, double-click the icon for <server>.


·         In the <server> configuration window, double-click the System Summary icon


·         Verify that Login State is set to enabled.


·        Verify that users have been able to log in to the server - In the <server> configuration window, double-click Users



Verify that the server is operating by checking for server errors and making sure that the server has not abended.


1. Check <server> System Error Log:
        - on segment map, double-click the icon for <server>.
        - if this server is router then click Netware: Management Agent and click open
        - click Netware administration utility button (first from the left)
        - click Error Log page button

2. Examine <server> console for error messages:
        - on segment map, double-click the icon for <server>.
        - if this server is router then click Netware: Management Agent and click open
        - click Remote Console button (second from the left)



Use the ManageWise Console (conversations table) to verify and evaluate network communication.


  • MW conversations window monitors communications between a selected device and all other network devices.
  • Statistics shows whether two devices are communicating and how much data they are transmitting.
  • MW Console uses SNMP to update conversation window.
  • In any map select server or Workstation



Use the Capture Packet tool to evaluate capture-filtered and display-filtered packets.


  1. Packet captures allow you to look at the nature and content of the packets by capturing  them in a buffer on a server.
  2. Select segment to monitor, select device/devices (optionally),

         Performance|Capture Packets         

  1. Capture Filter – filters what is captured (input) and how much is captured.
  2. Display Filter – filters what is sown on data captured.




Section 6 = Monitoring Critical Systems


Create a critical system alarm group using a locational map.

·         Custom map created manually by user to only display/monitor nodes they have selected.

·         Edit|Custom Map|New

·         File|Open|Custom Map

Select device
- Connectivity Test: Fault|Ping Once
- Alarm Report: Fault|Alarm Report



Create a connectivity test group.

  1. Fault|Ping Periodically
  2. Monitor the availability of selected devices and current performance levels of the connection between devices and your MW Console.
  3. Add (5 from the left with +), Name|Resolve|IP or IPX address|Add
  4. Save (4 from the left)
  5. Stop (2 from the left)
  6. Start (1 from the left)
  7. Change Test (9 from the left)
  8. Reset Test Statistics (10 from the left)
  9. Disable entry (8 from the left)
  10. Enable entry (7 from the left)



Create and use an SNMP profile to monitor a NetWare server.


  • MW can use SNMP MIB (Management Information Base) to monitor network and assist in creating alarms when problems occur.
  • SNMP MIB Browser (Tools|SNMP MIB Browser) show SNMP statistics of a selected device.
  • SNMP MIB Compiler (Tools|SNMP MIB Compiler) incorporates third-party MIBs into the MW SNMP configuration (C:\MW\NMS\SNMPMIBS\CURRENT is source folder, C:\MW\NMS\BIN\SNMPMIBS.BIN - compiled binary base)
  • SNMP MIB Compiler adds any traps contained in the MIB to MW alarm database.
  • Individual SNMP statistics are known as scalars.
  • Groups of SNMP statistics are known as profiles.

To create a custom profile for <server> 
- select <server> from a segment map
- launch SNMP MIB Browser
- click Add
- input Name, Description, click Polled, Scalar, add Scalar Attributes Choices, Save, OK







Create and print trend graphs.

1.       Server trend graphs:
- On a map, select <server>
- Performance|Netware Server Trends
- Select parameters (for example, FS Reads #/min, FS Writes #/min, FS Reads KB/min,     FS Writes KB/min) and click OK
- adjust scale and print report (10 from the left)

Segment trend graphs:
- On a internetwork map, select Segment.
- Performance|Segment Trends
- print report (9 from the left)


Create thresholds and set threshold delta values.


1.     Server alarms are used to monitor server performance. Many server alarms are available. Most are disabled by default; some are useful only in specific circumstances. Some thresholds, such as CPU Utilization, use averages to trigger alarms. Other thresholds use actual number counts.
a) For file servers, you might set thresholds for the following alarms:
- File Cache Hits (avg.%)
- Dirty Cache Buffers (avg.%)
- Cache Buffers (%)
- File System Reads (#/min)
- File System Writes (#/min)
b) For print servers, you might set thresholds for the following alarms:
- Ready Jobs in Queue (avg. KB)
- Ready Jobs in Queue (avg. #)
- Wait Time of Next Ready Job (sec)
c) For all type of servers, you might set thresholds for the following alarms:
- CPU Utilization (avg.%)
- Allocated Memory (%)

2.     Server Thresholds
- select a map with server
- select <server>
- Performance|Netware Server Thresholds
- Double-click parameter
- Click Graph button
- If possible, compare the current average value with your baseline

3.     You can use segment alarms to monitor and analyze traffic on a segment. All segment alarms are raising alarms. To prevent multiple alarms caused by the same condition, the statistics must fall at least 10% below the threshold value and then rise above the threshold again before the alarm can be tripped again.

4.     The available segments alarms include
- Packets
- Utilization (%)
- Broadcasts
- Fragments
- Jabbers




5.     Alarm Bells:
- Red bells signify critical alarms (on the left)
- Magenta bells represent major alarms
- Yellow bells denote minor alarms
- Blue bells indicate informational alarms

6.     Ticker messages at the lower left corner of MW Console


Record network segment trend data and set segment traffic thresholds.


  1. You must set a threshold value and a sampling interval for each segment alarm.
  2. Configure segment alarm:
    - On the internetwork map, select a network segment
    - Click the Trend Graph button (#7).

Observe the statistics to estimate current packets per second.
- Close the graph
- From the MW Console menu, select Edit|Database Object (Icon with123)
- Scroll down and select the Segment Alarms icon
- To reset values to their defaults, click the Default All button
- Click Packets; then click Edit
- Set the value slightly above viewed
- OK; Save; close Database Object Editor 


Generate network trend reports.


TrendComplete collects, analyzed, and reports NW server and network segment statistics.

TrendComplete has the following capabilities:
      - Collects NW server performance statistics from NW Management Agent
      - Collects network segment statistics from RMON agents
      - Allows data collection parameter selection and scheduling
      - Allows historical data comparison using line and three-dimensional charts
      - Generates summary reports on a group of servers/networks on a weekly, monthly,

          and yearly basis
      - Generates pre-scheduled Health Index reports on a server's overall health and

          trending  Information in HTML format
      - Allows data collection from as many as 1000 servers and networks





Section 7 = Troubleshooting Printing Problems


Use the Print Server Detail window and Queue Monitor to verify that print servers and queues are receiving and processing print jobs.


  1. Problems printing to a network printer
    - The print server is not up or is not functioning properly
    - The printer object has not been assigned to a print queue or the print server has not been assigned to manage the printer
    - The user's WS is not configured properly for network printing
    - The user is sending print jobs to the wrong queue, or the user has selected the wrong printer
    - The printer has a hardware or configuration problem
  2. MW components to diagnose print server and print queue problems:
    - Print Server Detail window
    - Queue Monitor
  3. Print Server Detail window
    - View|All|NW Print Servers and double-click <Print Server>

Queue Monitor
- Tools|Queue Monitor (select queue server to monitor)
- Status, Owner's Name, Size in bytes, ID number, Description
- View|Options|Select Queues (2nd from the left)
- View|Bytes Histogram/Jobs Histogram


Use the Queue Monitor to move, copy, hold and delete print jobs.


Queue Monitor allows you to move, copy, hold and delete print jobs using drag-and-drop or menu options


Use Desktop Manager's Control Station to remotely control and manipulate a workstation.


1. Desktop Manager components to access or control a remote station:
         - USER.NLM (remote management of NW servers)
         - USERTSR.EXE (remote management of DOS WS)
         - WUSER.EXE (remote management of Win95 and 98 WS)
         - WUSER32.EXE (remote management of WinNT WS, started as service)
         - USEROS2.EXE (remote management of OS/2 WS)
2. Types of security
         - Password protection
         - Access rights lists
         - Permissions window
         - Notification
3. Control and manipulate
         - In Desktop Manager select WS
         - Tools|Control Station
         - To exit Control Station session, click the upper-right corner of the window


Use Chat to conduct a communication session.


Select WS - Tools|Chat



Establish alarm thresholds to monitor print queue activity.


1. Monitor print queue activity with these MW server alarm thresholds:
         - Ready Jobs in Queue (avg. #)
         - Ready Jobs in Queue (avg. KB)
         - Wait Time of Next Ready Job (sec)
2. The following alarm thresholds track server conditions and activity related to print queues:
         - Free Space on Volume (%)
         - Free Redirection Area (%)
         - FS Reads (#/min)
         - FS Reads (KB/min)
         - FS Writes (#/min)
         - FS Writes (KB/min)
         - CPU utilization (avg. %)
3. You need to monitor network printing activity both before and after troubleshooting a user's printing problem.
4. Creating Print Queue Thresholds
- On segment map click <server>
- Performance|Netware Server Thresholds
- Double-click parameter and set threshold








Section 8 = Eradicating Computer Viruses


Describe computer viruses, common sources of infection, potential hazards, and detection techniques.


1.       A computer virus
- is an executable program
- can replicate himself
- can attach itself to other executables and spreads throughout a computer or network

2.       Sources of infection:
- diskette or other forms of removable media (80%)
- modem (BBS or Internet) 20%

3.       Potential damage
- File deletion
- Damage to FAT and Directory Entry Table entries
- Reformatting disk drives
- Other forms of data loss

4.       Detection techniques
- Integrity Checking
- Rules-Based Detection
- Interrupt Monitoring
- Signature Scanning

5.       Virus Characteristics:
- Memory resident viruses
- Stealth viruses
- Polymorthic Viruses

- Boot sector
- Master Boot sector
- Macro
- File
- Multipartite


Describe the components, architecture and features of Cheyenne InocuLAN.


1. Components:
        - InocuLAN Server (InocuLAN domain Server)
        - InocuLAN Real Time Monitor
        - InocuLAN Manager
2. Architecture
        - InocuLAN is based on a client-server architecture with both server and workstation             

           working together.
        - InocuLAN uses domains to provide a single point of administration for multiple

3. Features
        - Scheduled scanning
        - NDS compatibility
        - InocuLAN server domains
        - Scanning of compressed files
        - Windows real-time monitor (VXD)
        - WS scanning records, viewed from the Domain Manager
        - Server update program SUPDATE (unattended updating for multiple InocuLAN

        - Automatic server and WS virus signature file updates
        - Sophisticated alert system
        - Flexible reporting
        - Enforcement facility (WS without InocuLAN can not login)
        - Critical disk area protection


Use Cheyenne InocuLAN and AntiVirus to scan the server for viruses.


1. Scanning a domain:
          - From Domain Manager, select the Add/Reschedule a Scan Job
          - In Job Properties dialog|Targets/Schedule tab enter the requested information 
          - Click Actions/Options tab
          - Select the desired File Selection options; then click OK
          - From Domain Manager, you can view jobs that are in the queue


Scan a workstation for viruses.


1. Launch Cheyenne antivirus for W95
2. Click Scanner
3. Select logical disk in Directories List
4. Scan|Options
5. Scan type - Fast Scan, OK
6. Scan|Start Scanning


Schedule an automatic workstation scan.


In Login Script for OU in MW InocuLAN Virus Update Section AVUPDATE utility will execute for members of the MANAGEWISEGROUP group object






Section 9 = Troubleshooting Network Performance Problems


Describe possible performance issues as regarding network servers, LAN segments, and workstations.


1. Performance issues:
    - Another service request is monopolizing the server's resources
    - The server is being asked to provide too many services
    - The routers between WS and server are overworked, or too few alternate routes are

    - Segments between the WS and the server are overloaded
    - The server configuration is not optimized for file I/O
    - The WS configuration is incorrect
    - A network connectivity device, or other device, has failed
2. Overworked servers
    - TrendComplete"s NW server health reports
    - Server Trend Graph (packet loads and system reads and writes)
    - Current number of active processes on the server (SNMP statistics)
    - Compare the current work load with baseline data
3. Overloaded Segments
     - TrendComplete"s network health reports
     - Segment Trend Graph (Total Packets/sec, Good Packets/sec, Error Packets/sec per 

        minute, hour, week, month, year)
     - Compare the current segment load with baseline data
     - All segments between WS and server
4. WS Configuration
      - hardware inventory query (CPU is slow?)
      - Control Station to examine Win 95 or Novell Client network configuration
      - SyncComplete's baseline reporting features can be used to determine the characteristics

          of WS on your network                 
      - Capture the packets sent and received by the WS during a file I/O transaction



Apply an SNMP MIB profile to a server and compare the data with baseline data to evaluate server performance.


1. Select <server> from a map
2. Launch SNMP MIB Browser
3. Run saved profile
4. Compare the data with baseline data


Create network segment trend graphs and compare the results with baseline data to evaluate segment work load.


See Objective 23


Create and print server trend graphs and compare those graphs to baseline data to evaluate server performance.


See Objective 23



Use Conversations Windows to verify communication and evaluate conversations between a workstation and a server.


1.       MW conversations window monitors communications between a selected device and all other network devices.

2.       Statistics shows whether two devices are communicating and how much data they are transmitting.

3.       MW Console uses SNMP to update conversation window.

In any map: 
- select server, WS, and router server
- Performance|Conversations
- Observe the statistics for a moment


Capture packets and use display filtering to solve read or write performance problems between a workstation and a server.


  1. From your station, capture packets sent between WS and Server
    - Use Ctrl+Click to select WS and Server on the segment map for needed LAN
    - Initiate a packet capture to record all packets that pass between those two computers in

       both direction (by running STEST.BAT on WS)
    - After a moment, stop the capture (and STEST.BAT)
2. View the packet capture
3. Filter the display of captured packets to show only packets that include NCP information
4. What is the ratio of read requests from WS to read responces from Server?


Use TrendComplete to analyze NetWare server Health reports.


1.TrendComplete includes two applications:
    - TrendComplete, a data collection, analysis, and report utility.
    - Report Viewer, which provides reporting features only
2.Daily Reports in HTML format can be used to analyze the Health Index of NW servers

      and network segments. A Heath Index is the sum of several key statistical parameters.
3. Detail Reports allow you to view historical data for use in baseline comparisons and

    problem detection/isolation
4. Use TrendComplete to analyze NetWare server Health reports:
     - Launch TrendComplete 
     - If prompted to import NW servers and networks from NMS database, click Yes
     - To select server, click Import 
     - In the New dialog for <server>, select Netware Server
     - Set Region to <Region>; then click Add to List
     - In the data Synchronization dialog, click OK to select the default history agent start 

     - When informed that data collection will begin at 6 p.m., click OK
     - Select Configure|Collect Data Now
     - Select Performed on all tasks and click OK. The data collection begins
     - Once the data collection process has been completed, select Report|Summary

          Report(Chart)|NW Server
     - In the Report field, select Server Health; then click OK



Section 10 = Planning System Upgrades


Describe issues related to system upgrade planning including workstations, servers, and network segments.



  • Hard disk space
  • RAM
  • OS and version
  • software and versions
  • function of new application
  • network client and version
  • configuration
  • protocols


·         memory usage

·         free volume space

·         processor utilization

·         number of services installed

·         average number of users logged in

·         FS reads and writes per minute

·         total number of packets transmitted and received


  • current bandwidth utilization + additional bandwidth
  • performances degrades (Ethernet if >40%)
  • evaluate trend data



Use Desktop manager's Query tool to determine if stations can run a new application.


Desktop Manager|Query:
1. Logical drive C free >= 400 MB
2. Logical drive C exists
Processor type exists


Use a Monitored Segments table to identify all discovered network segments.


View|All|Network segments


Use the top Stations table to identify the top traffic-generating stations on a network segment.


Select segment: