Slashdot Mirror
Best Tools For Network Inventory Management?
jra writes "Once every month or so, people ask here about backups, network management, and so on, but one topic I don't see come up too often is network inventory management — machines, serial numbers, license keys, user assignments, IP addresses, and the like. This level of tracking is starting to get out of hand in my facility as we approach 100 workstations and 40 servers, and I'm looking for something to automate it. I'm using RT (because I'm not a good enough Web coder to replace it, not because I especially like it) and Nagios 3. I've looked at Asset Tracker, but it seems too much like a toolkit for building things to do the job, and I don't want my ticket tracking users to have to be hackers (having to specify a URL for an asset is too hackish for my crew). I'd prefer something standalone, so I don't have to dump RT or Nagios, but if something sufficiently good looking comes by, I'd consider it. I'd like to be able to hack a bit here and there, if I must. Perl and Python, along with C, are the preferred implementation languages; least favorite is Java. Anyone care to share their firsthand experiences with this topic, and what tools they use (or built) to deal with it? "
It's open source, it's free, it's a complete network management system, and you can import existing asset information as well as populate through network discovery. We use it here at the New Mexico Child Youth and Family Development Department, with 53 offices, 2500 workstations, and 80 servers.
http://opennms.org/
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Open Source use OpenNMS: http://www.opennms.org/wiki/Main_Page
Want commercial software?: Solarwinds Orion with IP Monitor.
We finally made our own. We created a mysql database and table schema storing the hardware information along with the schema for locations in the facility (typically cubicles, offices, labs, and server rooms). Wrote up a website using PHP with proper forms to insert new hardware, move hardware from one location to another, or remove hardware, and search functions to find hardware. We went a little further as well by getting floor and building plans and made clickable image maps for all the locations so that you can just browse to the building/floor/cubicle, see what is in there already, and add new stuff or move existing stuff etc., as well as have a way to highlight the location of a particular piece of hardware if you looked for it based on hostname, etc.
It really isn't that hard to do. And if you setup your database tables and schema correctly so that you can easily expand for new hardware types, buildings/locations, it isn't too hard to maintain. The hardest thing that we deal with is when we move into a new building and we have to generate the floor map, but it doesn't usually take more then a few hours at most.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
This might be the sort of thing, coupled with the OCNS agent it'll scan your network and log all the data into a myql database. Ticket system which allows users to report stuff attached to an asset, reporting, contracts, and stuff. Worth a look.
We use OCS and really like it: http://www.ocsinventory-ng.org/ It's one of those things that tends to just work well. In fact, our version is about 2 years old now and we haven't had a need to upgrade it at all because it's just doing what it need to do.
----- obSig
who keep tagging stories like these and especially 'Ask Slashdot' submissions with the domyjobforme tag, please STFU. Quite often, the submitter has done extensive research on the matter and shared his or her observations and is looking for people to share their ideas or experiences. Your attitude does not fit in with the open source spirit that the readers of Slashdot enjoy being a part of. If done as a joke, it is no longer funny.
Open-AudIT is pretty good for cross platform but it doesn't cover all of your requirements. I'm yet to find anything that is an IP database plus complete system inventory. Open-AudIT is very good at the inventory side. I run it in Windows since I was trying to replace TrackIT. There's a Linux agent and it'd be pretty easy to customize it for other OSes. It does licensing as well. Want to know how many computers have Office and what version? Who has outdated Antivirus? It even gives you license keys used. Getting it up and running with XAMPP for Windows is quick for testing. I haven't used it as much on the server side. We use IBM Director for that.
Your description of AT is completely off. I'm an active user of RT and Asset Tracker (AT). It's not a toolkit at all, it's a clean modification that adds an 'Assets' link in the nav bar where you hold assets. From there you create and manage custom fields and custom field values from within the standard locations of RT. At no point must you know a URL to do anything in RT or AT. There are simple or complex searches, linking assets to others (depends on, requires, etc) is simply typing a few letters into a box to search on, then choose the appropriate action from a dropdown box.
Unfortunately there have been no releases of AT in a while, but it still cleanly applies even to the latest version of RT. It does have a new home for its code on google code and is getting updates, just not a new release for a few years.
Nagios? For asset tracking? "I was trying to check my e-mail using using apache, and it just wasn't living up to my expectations at all...." I guess when all you have is a hammer, everything looks like a nail.
http://www.open-audit.org/ does a nice job of tracking on the windows side. Set up xampp, unzip the contents of the openaudit zip file into the htdocs directory, visit the side, move on with your life. Open Audit as a project is a little hackish and informal for my tastes, but it does pass the JFW (just fucking works) test. Tracks assets, installed software, license keys. It's just a PHP frontend for WMI results, so if WMI is acting funny, then open audit will be funny too. I also doubt it'll do much for network device inventory other than identifying approximately what the device is. (Printers show up ok, I doubt switches or routers will appear as anything other than "other".)
My suggestion for integrating Nagios would be to set an action URL for each of your hosts that in turn points to the Open Audit page for that particular host, unless you're already using the action URL for PNP (and if you're not, you should be for some of your hosts.)
There are some people that if they don't know, you can't tell 'em.
Would you recommend DHCP for network switches? I ask cause if you would....uh...why?
God help you?
You've got an excel spreadsheet? You're a lucky bastard.
I have a customized Peoplesoft implementation for asset tracking, designed by three blind goatherds, one of whom also had leprosy (I may be exaggerating a bit. I suspect it was more like twenty, ~since having more people design a system is always a good idea~).
Seriously... Search for asset. Find asset. Enable correct history mode. Click through four forms to get to custodian details. Update custodian details. Run asset update process. Check process monitor for error messages. Resolve errors. Rerun update process. And that's a simple change.
Heaven/Hell forbid there was any issue with the Tag # or Serial # assigned to an asset.
Hell hath no torment like a Peoplesoft implementation used for something it has no business being used for.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I have found Open-AudIT to be a good tool for tracking the 'soft' side of the house with minimal pain while
Kwok Information Server was a better tool for tracking 'hard' assets. Both are open source.
Oh god, not Altiris!
My company, a huge multinational company, recently switched to Altiris for inventory tracking, license management, and software delivery.
From what I can tell, on a global network with somewhere in the neighborhood of 500,000 machines, it's ok for inventory, great for controling licenses, and terrible at software delivery.
Using Altiris it takes upwards of ten times longer to install applications that reside on the same servers that our old in-house scripting team used. Servers didn't move, same applications, 10 times longer to install. Setting up an old user with a new machine can now take hours instead of a few minutes (I'm talking after the build up and profile transfer).
The problem may have been with the implimentation for our particular situation, the concept and feature list I think are brillient. That doesn't change the fact that the word Altiris makes me shudder involuntarily now.
Lucky for me, I moved to a different group and get to manage my own, separate internal network of about 400 machines.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Servers=static
Printers=static
network gear=static
random network devices=static
In any non-trivial network you will have a significant percentage of your IP space utilized by static devices. Then you get into tracking multiple sites and their associated network information and it starts to get fairly complicated. We're small enough with a couple dozen sites and a dozen or so subnets at our corporate campus that we use a multi-tabbed excel document with the first tab being a table of contents.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Surely i will be modded down for suggesting a microsoft solution, but your problem is pretty simple to solve with a sharepoint server. Its free (there is a pay version as well), and if you have office and don't mind using IE, it integrates nicely. Plays OK with firefox, just cant do some advanced editing (spreadsheet view, some imports). Sharepoint is a bitch sometimes as its a microsoft product and thus designed badly, but there is certainly alot of support out there in the form of plugins and templates. It has a wide install base.
With sharepoint, you are basically creating lists of things, and linking them together. I think it works pretty well for basic record keeping, athough it does involve alot of data entry. One bonus is if you have all your data in excel, the import process is very simple. I would imagine that is the case with all solutions you would be looking at though...
Another bonus is that if you are using active directory, it is very easy to roll a helpdesk system, intranet site, and wiki at the same time, all in the same framework. Users can submit tickets themselves with their active directoy logins, so no need to manage multiple credential stores.
It may not be the best, but if you need to do it cheap and want integration with windows domains, you cant really go wrong with sharepoint. (cue replies telling me how wrong their sharepoint install went :))
As a potential lottery winner, I totally support tax cuts for the wealthy
100 workstations and 40 servers? Spreadsheet.
Don't over complicate this until you need to.
When you have 200 workstations and have completed your virtualization consolidation project and are down to 8 servers, then you'll have time to worry about all this again.
Ask again in 3 years.
I've been using it on an old Linux box for over 3 years now and I'm pretty pleased with it. You need a Unix or Windows computer to act as a server; on Linux it's a basic LAMP stack plus some specific PHP and Perl modules, and on Windows it comes as one package that includes everything you need. Then you install the client software on each computer that needs to be inventoried. There are clients for Windows and generic Unix (Linux, *BSD, Solaris, Mac OSX, etc.).
It'll track IP address, hostname, MAC, what software's installed, username, whether it's on an Active Directory domain, subnet, all hardware including serial number. You can also configure it to use Nmap to have an auto-elected client in each subnet do a quick scan to determine what other devices are on that subnet and optionally try to detect what it is (Linux box, Windows box, printer, switch). It can also push out packages to clients.
If you want to expand some more, OCS also integrates with GLPI to provide helpdesk ticketing, license tracking, etc.
Hail Eris, full of mischief...
E pluribus sanguinem
Seconded. The main benefit of what you propose (for those who may still not understand why) is that the implementation is the documentation. You simply look at the DHCP setups for various servers, etc. to find their IP, and it's always right, you don't have to wonder if spacey Joe forgot to update the damn Excel spreadsheet when he changed the printer. AGAIN.
My blog. Good stuff (when I remember to update it). Read it.
There is no reason to add the dependency of a DHCP server to many of those services. Reserved DHCP works great under some situations but if you're talking about a static set of servers or equipment, static ip is more reliable.
Depends on your situation and your resources. A while ago I did a favor for a friend in a mid size office (300 people or so) lacking a real sysadmin where they asked me to re-ip the entire network on a short notice. Luckily I had the foresight to make sure just about everything was on DHCP or static DHCP. With renewal time lowered to 24 hours - this gave me a 12 hour window - perfect for overnight reset. During the day I wrote a quick script to dump out, massage and re-write the static IPs in DHCP DB. After everyone gone home that night, all I had to do is change IPs on a the few static servers (DHCP server mostly) - activate the new DHCP scope and go home. 1/2 hour worth of work. Next morning everything was up and running, and for the few people who complained(there are always a few), a reboot fixed everything.
So yes, static IPs are more reliable on small network or if you are well staffed and have time to burn. But there is value in static DHCP when you are understaffed. Of course it makes it much more important to keep the DHCP server up, but hey, you still have at least 1/2 your renewal time to fix it and hopefully you are monitoring your DHCP server.
-Em
RelevantElephants: A Somatic WebComic...
Yes, i would. Because then the ip information is always in one place - DHCP server - and there will be no conflicts and this information is *always* up to date. If a device needs a static address (e.g. a server or switch) i just assign it an IP address according to its MAC address in DHCP server. Everything else gets an address from the dynamic range.
My approach is to use static addresses for servers and network switch management consoles, and fixed-lease DHCP for everything else, personally.
We're big enough that I've ripped off 10.10/16 and 10.11/16 for our 2 campuses, and I block certain categories of stuff into specific class-Cs. I'm not fond of overloading semantics on addresses, but sometimes you just have to...
Because if it goes down for 2 days you eventually won't get any snmp data from your switch?
1.) Why would people use a lease time of under 1 or 2 days for static infrastructure? (or 7 days even)
2.) Do DHCP failures for more than 24 hours fit into your uptime requirements?
of sites for suggested packages is below. It will take me about a week to go through them all, but I'll try to get a posting up here next weekend closing the loop; thanks y'all.
http://opennms.org/
http://www.lanrev.com/
http://www.glpi-project.org/?lang=en
http://www.ocsinventory-ng.org/
http://www.open-audit.org/
http://www.kwoksys.com/
http://www.symantec.com/business/theme.jsp?themeid=altiris
http://www.spiceworks.com
http://www.belarc.com
http://www.i-doit.org/
http://opennetadmin.com/
http://www.zenoss.com/community/open-source-network-monitoring-software
http://www.komodolabs.com/
http://netdisco.org/
http://racktables.org/
http://www.staffandline.com/
http://www.invgate.com/
http://www.kiwisyslog.com/kiwi-cattools-overview/
http://pulse2.mandriva.org/
https://www.versiera.com/
http://www.netcraftcommunications.com/
http://openerp.com/