IT Baseline Protection Manual S 2.145 Requirements for a network management tool
S 2.145 Requirements for a network management tool
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
The use of a network management tool helps achieve effective network management. A large number of network management products are commercially available at present; all these products need to be checked for compatibility with individual requirements before a decision can be made to procure a particular tool. Here, it is particularly important to fulfil the security requirements stipulated in S 2.143 Development of a network management concept and observe the following items:
The tool must support the selected network management protocol (refer to S 2.144 Selection of a suitable network management protocol)
The product must be scaleable, i.e. it should be capable of adaptation to future requirements.
It must support all the network components present in the local network.
It must support all the network protocols used in the network.
It should have a modular design, in order to easily allow a later integration of additional functions into the existing network management system.
It should have a graphical user interface, to provide a clear and comprehensible display of relevant information.
If system management products are also used, it should be possible to combine them with the network management tool under the same user interface, to achieve a "single point of administration".
In addition to these requirements which need to be examined in general, the functional requirements for a network management system must also be defined. The following criteria provide an overview of the possibilities offered by presently available products; however, not all functions are incorporated into all products. Before a product is selected, it is therefore necessary to determine the functions which will be required:
Topological representation of the network (e.g. including the possibility of integrating background diagrams such as construction plans etc.)
A choice of topological representations
Topographic representation of the network (e.g. including the possibility of integrating background diagrams such as construction plans etc.)
Automatic recognition and representation of network topology and segmentation (auto discovery)
Indication of the configuration of the active network components on the port level
Indication of performance on the port level
Graphic visualisation of the active network components
Interactive tool for the management protocol (e.g. MIB browser)
Easy navigation in the network management tool, by means of zoom functions or enlargement of individual sections
If applicable, integration of a VLAN manager, and graphic display of the VLANs
Intuitive operation of the tool interface, particularly the section in which the topological and topographical maps are edited (for example, by means of Drag & Drop)
Display of error and alarm messages by means of freely selectable colours and user-defined criteria
Possibility of distributed management (client / server and manager-of-manager)
Possibility of integrating and defining additional MIBs (private MIBs).
Additional controls:
Have all the requirements for a network management tool been formulated and documented?
Can the network management concept be realised with the selected network management tool?