
Archive for the ‘Reviews’ Category

A shout out

Thursday, May 29th, 2008

Just for the record, we LOVE Github and no we’re not paid to say that, it’s just really great.

Highrise has changed my life forever

Friday, April 27th, 2007

Every once in a while, something comes along that alters the course of things for me. I joined the Navy in 1993, that was one thing. I found Linux while recovering from back surgery in 1997. That was another.

Last month, 37Signals released an application called Highrise. We penguins are longtime 37signals users of products like Basecamp and Campfire. This new application raises the bar for us as a company, and for me personally.

Highrise on the surface looked like an oversimplified contact manager. Using the other products by 37Signals has greatly increased our productivity in the past so we decided to give them the benefit of the doubt.

In 2 days, we were completely convinced that they were on to something. PEOPLE are the PRIMARY piece of data in the application.

Well that’s great because PEOPLE are what matters in any business. Not Opportunities, Deal size, the number of things we may be able to get them to buy, etc.

We put people in the center before Highrise, but our old CRM solution didn’t work like that, so we kept people in the center in our minds and then struggled with the application to work with us on it.

Today, our CRM application helps us remember all the details about conversations, follow ups, promises, funny family happenings (if you care about people, you should remember what they care about most) and things that really matter.


Defending against threats with a componentable solution PART 1

Monday, December 11th, 2006

We’re going to apply to put “componentable” in the dictionary.

Just what is “componentable” you ask?

We’ve been looking at a score of “Unified threat” solutions for the last few months. On a VERY broad scope there are a few major components of a security architecture that need to be addressed:

[Image: threats_1.jpg]

In this example we assume things like firewall/vpn/network based external attacks to the network are covered somewhere.

There are two basic solution groups to solving the above problem areas:

[Image: components_1.jpg]

Appliances are:

  • Easy to install and manage
  • Typically have one interface

but:

  • Have questionable scaling issues
  • Typically make it difficult to replace one component

Software solutions:

  • Have good scaling solutions (it’s trivial to buy better hardware)
  • Make it easy to swap one product for a given solution

but:

  • Require multiple interfaces to control, manage and report
  • Require operating system management on top of the component’s management requirements

In PART 2, we’ll talk about some ways to select solutions that have some advantages of both approaches, then later in the series we’ll talk about how to develop your apps to do a hybrid of both approaches.


Infosecurity NY a disappointment

Thursday, October 26th, 2006

Some of us penguins traveled to NY this week to meet with some folks who were at the Infosecurity show at the Javits Center. We weren’t really going for the show, but we walked the floor anyway.

It was in a word: boring.

To quote their website “The entire security industry converged at the Jacob Javits Center today to see the latest products and solutions available to the security industry.”

Ha!

The entire security industry huh? If that was the entire industry, we’re in some serious trouble.

Am I setting my expectations too high? This was a conference floor full of fluffy marketing and sales people reciting bullet points about “data encryption” and “spyware”.

I guess I’m supposed to whip out my checkbook if you say “spyware” or “encryption”.

Lemme try it here and see if people start sending me money.

  • Spyware
  • Enterprise Grade Spyware Protection
  • Recognized leader in Spyware Protection
  • Super Duper Really Great Incredible Spyware Protection

Those words sure do make my wallet tingle, how ‘bout yours?

Anyway, as is so common these days, this conference gave us uninspiring solutions to known problems.

I KNOW that there are hundreds of companies and people with really interesting solutions to the complex security world. Some of them were probably even represented at this show.

I couldn’t find them because all of the passionate people seemed to stay at home. Everyone with enthusiasm, or dare I say, a clue was missing.

That’s it, I’m off to make “Imapenguin Enterprise Spyware” brochures.


If a picture is worth a thousand words…

Wednesday, August 16th, 2006

…then showing something via a screencast has to be worth so much more.

Geoffrey Grosenbach of Topfunky has started a new program called Peepcode. For those who don’t know, Geoffrey is the host of the Ruby on Rails podcast.

Following the popularity and effectiveness of the Rails screencasts, Geoffrey has launched this endeavor in his usual matter of fact manner. Geoffrey excels at plain spoken explanations and his first foray into the screencast tutorial business is a great example of this.


Insightix Enterprise 2.0 Review

Tuesday, April 4th, 2006


A few weeks ago, we reviewed Insightix Enterprise 1.5. Quick as a penguin chasing a herring, they released 2.0 on us. A roundup of the new features:

  • Automatic OS Signature Generator
  • Offline Elements Support
  • Inventory Right-Click Menu
  • Detection of DHCP Servers
  • Event History
  • HTTPS Support
  • SNMPv3 Support

What’s good?

The 2.0 product continues the “turn it on and it works” functionality that we enjoyed so much in the 1.5 review. In about 20 minutes, we had a real time picture (literally) of every device and virtual machine on our network.

The new features in the 2.0 release make the overall product feel more mature. We found a rogue DHCP service running on an old testing machine almost immediately. The inventory right click menu saves a bunch of time when editing an element and gives the browser interface a desktop like feel. The automatic OS signature generator reduced our unidentified OS count to a manageable handful.

There were a number of other features we really liked that aren’t so obvious unless you used the 1.5 version. Software release updates can now be applied and managed through the web interface. The configuration screens (that you don’t need to use very often) have a much more logical layout than the previous versions and the whole thing feels faster.

What’s not so good?

On the release date (today), they only support Internet Explorer for management. While IE may have 85% of the browser market share, we’d be willing to bet that Firefox is the vast majority in the data center. Official word is that some bugs related to Firefox couldn’t get fixed in time for the release date, but this is a real sore point. With Microsoft’s complete failure to fix a serious bug for a few more weeks, no good admin is using IE these days. It’s hard to even find a copy here in Penguin Land; we did manage to dig one up inside an old Xen virtual machine to do our testing. This release without broad browser support can be a deal killer for many shops.

The historical/offline feature needs some tweaking as well. If you have a device that drops off the network and then reenters with a different IP address, we found that sometimes it shows up as a separate (and unauthorized) device. This could get a little out of hand in a large DHCP range of machines but we think this might just be a little release day bug.

What’s next?

The new features make Insightix feel more like a mature product. They’ve added a number of features that make managing more than a few hundred devices much easier than their previous releases and the whole interface has a more snappy feel to it.

That being said, we can’t help but long for something more to do with all of this cool data that it gathers. We can view things like performance data in real time, but there’s no way to look at it historically. This means that we still need something else to collect and manage this exact same data and that something else is going to be much more intrusive to our network than Insightix is. Maybe an ODBC connection to the data, or a more flexible reporting interface would do the trick.

All together, Insightix does do exactly what they say it does, it gives you a real time view into your network without any fuss. There’s a simple elegance to the product that is very appealing and it fits very nicely into our “it just works” mantra.

On the east coast, you can buy Insightix from Assurance Data, Inc.

Insightix Enterprise 1.5 Quick Setup How-To and Review

Monday, March 13th, 2006


Synopsis

We spend a huge amount of time protecting our network access, but how many of us can say with any certainty exactly what’s on our network? I was having lunch with a friend who runs a medium sized company and I asked the question “How many servers do you have on your network?”, his reply: “I don’t know maybe 350-450”. So apparently, a 25% margin of error is acceptable to him. Got a site license for a product? Paying for the right number of installations? How do you know? How many people are running web servers on your network? Don’t worry, we didn’t know the exact number either, but we do now.

Insightix Ltd.’s Insightix Dynamic Infrastructure Discovery Collector 1.5 did a complete inventory of Imapenguin’s testing network in just over 20 minutes. It identified every aspect of the network correctly and displayed changes we made in real time. Installation was a snap, and most importantly, we didn’t have to do anything but put it in a place to see all of the traffic.

Overview

Insightix is a new company in an interesting space. As an “Infrastructure Discovery” platform, they have some competitors, including being able to do some of this with a mash-up of open source tools, but none are packaged quite like this. Insightix uses a combination of BOTH active and passive discovery. The result is a very good picture of your network in less than half an hour with much (much much much) less active traffic required for probing to find out what’s going on.

Installation and configuration

The Insightix product requires two network interfaces to work properly, one for active scanning and one for passive scanning. In order to do passive scanning, the product needs to have one of its two interfaces on a span port that is configured to access all of your traffic. The quick start and admin guides outline this well. We configured our network switch to span a port, connected the passive port to it, and connected the active port to an ordinary switch port. Only the active port needs an IP address.

The enterprise product installs a locked down Linux (based on Ubuntu if you were wondering) on most standard x86 servers. We chose a fairly standard Dell PowerEdge server with 1GB of RAM. First you do a download from the ftp site, gunzip the file, burn the iso to a CD, and boot. You can bypass this step by requesting a CD from them if you don’t want to go through this CD creation process. If you are familiar with many unix style text based installations, you’ll recognize the standard Linux boot messages scrolling by. Hit the space bar a few times to scroll through the EULA, type ‘yes’ to accept and the system installs and automatically reboots. You are then prompted to enter the information about your IP address for the active interface, which is also the interface you’ll point your web browser to in order to get to the web interface. You make a simple decision about whether you want to enable NTP (I said yes), and you’re done. At this point, the system immediately starts its passive listening. Active scanning starts after 10 minutes and only probes a few ports to determine some more information based on its preliminary operating system guess.

The next step is to log in to the web interface. On any system with Java 1.5 installed, point your web browser at the IP address and log in as admin. The password is blank by default, and yes, you should set one. There is only one other optional configuration step and that’s to go over to the configuration tab and set your SNMP string(s) if you have them. You can also add some information about your switches or subnets if you have a particularly unusual or complicated network.

Performance

Bounce (or waddle if you’re a penguin) over to the Dashboard and see how it’s doing. After about 20 minutes, the “undetected” counts should shrink to a low number and the “detected” should be going higher.

A big part of the problem with current infrastructure discovery products is the traffic they generate with the active scanning. Some of them probe every port, 1-65535 for every machine. You can get an idea of how much traffic this type of scanning will generate by doing it on a single machine by running nmap. Just do:

sudo nmap -T3 -vv -sS -p 1-65535 -P0 somehost.com

and you’ll get an idea of what a problem this could create across your network. Granted, this is nmap with the full stops turned on, but active scanning of any type done in this manner can cause serious traffic problems on all sizes of networks.

Insightix gets around flooding the network with traffic by using a unique combination of active and passive scanning. For the first 10 minutes, the system actually does no active scanning at all. It gathers information about the systems on your network, taking an educated guess at each one by comparing it to its extensive database, and then only probes a small number of ports during active scanning to verify that its guess during the passive phase was right. There is a nice interface to view and edit the ports probed for each operating system, as well as a place to add custom entries.
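
The passive-guess-then-targeted-probe approach described above, as an added example (not Insightix code and not part of the original post). Guessing the OS from the observed TTL, the per-OS port lists and the sample capture are all assumptions made for illustration; the point is the difference in probe volume compared with a 1-65535 sweep.

```python
# Added example: passive guess first, then a small targeted probe plan.
# Signature table, port lists and sample capture are constructed assumptions.
FULL_SWEEP = 65535  # ports probed per host by a 1-65535 scan

# Hypothetical signature database: initial TTL -> (OS guess, ports to verify)
SIGNATURES = {
    64: ("linux/unix", [22, 111]),
    128: ("windows", [135, 139, 445]),
    255: ("network device", [22, 23]),
}

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial TTL."""
    for start in sorted(SIGNATURES):
        if observed <= start:
            return start
    return None

def passive_inventory(packets):
    """Build {ip: {"os": guess, "seen": ports}} from sniffed packets only.
    Each packet is (source IP, observed TTL, source port of a reply)."""
    hosts = {}
    for src_ip, ttl, src_port in packets:
        guess = SIGNATURES.get(initial_ttl(ttl), ("unknown", []))[0]
        host = hosts.setdefault(src_ip, {"os": guess, "seen": set()})
        host["seen"].add(src_port)
    return hosts

def probe_plan(hosts):
    """Ports still worth probing actively: those that would confirm the OS
    guess and were not already observed passively."""
    by_os = {name: ports for name, ports in SIGNATURES.values()}
    return {ip: sorted(set(by_os.get(h["os"], [])) - h["seen"])
            for ip, h in hosts.items()}

def traffic_comparison(plan):
    """(targeted probes, probes a full sweep of the same hosts would send)."""
    return sum(len(p) for p in plan.values()), FULL_SWEEP * len(plan)

# Constructed sample capture (RFC 5737 documentation addresses)
SAMPLE = [
    ("192.0.2.10", 63, 22), ("192.0.2.10", 63, 80),   # Linux box, one hop away
    ("192.0.2.20", 127, 445),                          # Windows host
    ("192.0.2.30", 254, 23),                           # switch or router
]

if __name__ == "__main__":
    plan = probe_plan(passive_inventory(SAMPLE))
    print(plan, traffic_comparison(plan))
```
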


The Insightix Enterprise correctly identified all devices on our network including some hand rolled storage and VOIP devices. Pretty impressive in 20 minutes, and I didn’t have to do a thing to my network but set up a simple span port.

Reporting


Now that the system is up and running, you have all sorts of reporting options. How about a usable Visio diagram or pretty PDF picture? We found the reporting tools useful and the default outputs very well laid out for our tests. The real time infrastructure interface allows you to expand and contract views by switch which is useful if you have a large number of devices on one section.

Drill down into the management console a little bit and it will tell you how many instances of just about any service you have running, and with SNMP enabled switches, even tell you what switch port they are connected to. How many times last year would an up to date inventory of SQL worm vulnerable machines have come in handy? (Oh and you forgot that most Microsoft Outlook™ installations run a version of SQL server didn’t you?). To top it off, we were able to get an accurate inventory of servers and services running inside VMware Virtual Machines.

We found the overall interface and reporting to be well polished compared to some of the other products we’ve tested, although the choice of a Java interface could prove problematic on some installations. This is a reality of a rich interface inside of a browser and we much prefer it to a proprietary web format like ActiveX or a desktop client and to their credit, they do support the most modern Java Virtual Machine.

In upcoming releases, Insightix is working to fix our one annoyance and that’s a lack of persistence of any historical data. There is only a short window in which the data about your network is available. In talking to them, we discovered that this is high on their feature list and that they may even allow for external use of the collected data.


Conclusion

The Insightix Enterprise DID Collector may seem a little expensive, but this product just works. You plug it in, turn it on and it does what it is supposed to. We all know the value of a product that does exactly what it is supposed to do without taking up IT staff’s precious time. Overall we were very pleased with the product and look forward to what future developments are in store at Insightix. For the super price conscious, they have a Lite version of the product that installs on a Windows server that’s worth looking at.
