your key to IP security
|
|
|
your key to IP security |
|
|
|
 |
IPkey.com |
| Menu |
 |
July 05, 2010 |
||||||||
|
APM Monitoring
Start your
free
|
|
Getting Started How do I start? Contact us and we'll send you a Getting Started Form. Fill it out and fax it back to us. Unless your requirements are unusually large or complex, we can start monitoring your equipment within 24 hours. Do I have to sign a contract? No. We do not require a contract for you to start. However, if you do sign a 1 year Agreement, we will credit your account applicable setup fees at the 4th quarterly billing. How do you bill for Monitoring? We bill monthly or quarterly in advance. The first bill will include the setup fees. If you prefer not to use plastic, we can invoice you quarterly. However, to activate MMS, we must have received both the setup fees and the first quarter payment. You may also pay with a credit card.
Managed Monitoring & Protection Why can’t I monitor my own system? You certainly can. Most large corporations run a Network Operations Center staffed 7x24 with some very expensive datacom and security engineers. Often, their carrier will have one or more dedicated engineers on-site to assist. Nothing short of money prevents you from doing the same. However we can do it for you right now for a tiny fraction of what you would spend to replicate our capabilities. We can offer a high level of service at an affordable price because we amortize the high cost over many clients. That way, you get the benefit of our facilities and expertise at a fraction of the cost. What happens if there is a failure at IPkey’s facility? Our monitoring facilities are fully redundant. Our monitoring and management equipment are co-located at two secure facilities ate locations 200 miles apart. Each has redundant OC-3 circuits (or better), highly conditioned power and a backup generators. Given this, simultaneous failure is extremely unlikely. There are occasions where we have to perform scheduled maintenance on non-redundant equipment for services other than monitoring. We will notify you at least 48 hours in advance. These events will last only a few minutes and will be typically scheduled off-hours on a weekend. How will I be contacted when there's a problem? You will receive notifications that can be triggered by different conditions. These are Availability, Service and Threshold and Security.
Availability: When a device becomes unavailable via it's primary monitor (usually Ping.) Service: When a specific protocol (i.e.. DNS, SMTP) stops responding or a Windows Service stops. Performance: A wide variety of SNMP and WMI variables are evaluated with threshold conditions Security: Specific security-related events or conditions.
APM generates 4 types of messages that clients receive. These are color coded so that you immediately know the severity of the notification and the urgency of attention required. The Subject Line of every notification from APM will begin with one of the following phrases:
Red Alarm notifications are typically triggered when a critical service goes down and normal operations are seriously impacted. This can be a router, firewall, server or and ISP. We recommend that you use an email enabled pager or cell phone to receive Red Alarms, so that you are immediately aware of the problem.
Orange Alert notifications are typically triggered when a critical service goes down, but normal operations are not immediately impacted. This is often a mail or remote access server. We recommend that you use an email enabled pager or cell phone to receive Orange Alerts, so that you are immediately aware of the problem.
Yellow Activity notifications are something that you should see within a hour at the most. Examples of Yellow Activity would be Anti Virus 'Virus Found' and firewall 'Attack Detected' notifications. They are typically used for problems that have successfully resolved, as opposed to failures. We recommend that your normal email address be used.
Green Status notifications are used for routine notifications such as periodic reports, log files, etc.. Most of our clients keep these Notifications and refer to them only if necessary. Can different people be notified for different problems? Absolutely! In fact, the true power of Monitoring is when you use it as an intelligent dispatcher of 'trouble tickets'. While smaller organizations typically have have a single IT person responsible for all issues, larger businesses must separate areas of responsibility. MMS accommodates this by design. For example, all router and firewall messages may go to one IT staff member, server problems go to another and anti-virus alerts go to yet another. Furthermore, vendors, contractors and business partners can be notified if a link or service becomes unavailable. We suggest to our clients configure MMS to automatically contact their ISP if a DSL or T1 link goes down.
In addition, you may designate different notification recipients by time of day, or day of the week. For example, one staff member can be 'on call' during business hours and another on evenings and weekends. Finally any notification can be simultaneously sent to more than one individual to ensure that the message is received by someone. My ISP says that they are monitoring our web server that we host with them. What’s wrong with that? Nothing, but checking whether your web server is up or down is just a small part of the big picture. Is the server protected by a firewall? What other TCP/IP ports are open on the server? What’s the patch level on the server OS. Have the latest security updates been applied? Who often do they check on the server status? How long does it take for them to notify you? Are they checking your server from outside their network? How often do you scan devices and services? We normally scan each monitored device every 2, 5 or 10 minutes, although 1 minute service is available at extra cost. We do poll at longer intervals (15min) with our Asset Control Monitoring service. This is limited to non-critical client devices such as PCs or workstations, and is used as an inventory check rather than for critical monitoring. In this situation, we alert the client when a PC goes offline for more than 30 minutes, or when new equipment appears during the discovery process on their network. This is a valuable tool for asset control, and monitoring for unauthorized devices are plugged into the network. This is especially useful for detecting unauthorized intruder on a wireless network. Will I get false alerts? Yes, but rarely. The only way to guarantee that you will not receive false alerts is to configure the system in such a way that you will probably miss some valid alerts. No system is perfect, and one has to choose between false positives (alert issued when there’s no valid cause) and false negatives (no alert when there is a valid cause). In the security business, most people choose to tolerate a small number of false alerts (positives) so that they are confident that they are notified whenever a real event does occur (no false negatives). By default, we allow a poll timeout of 10 seconds, and signal an alarm when 3 consecutive polls are missed. These values can be customized as needed. We recommend that clients include Network Map Access in their monitoring plans so that they can visually confirm alerts. Why do I need to provide you with VPN access? Is it secure? VPN access is only required for monitoring devices or ports that are not accessible from the Internet. Server, application, firewall and asset control monitoring do typically need a VPN connection. In most cases, the only port open on the VPN that we require to poll internal equipment is ICMP (Ping). All client VPN tunnels are 'one-way' in that we have sufficient rights to poll the devices on the client's network, but no traffic that originates from the client can pass our firewall. This means that if a client's network is breached, there is no possibility of access to our monitoring subnet or to any other client's network. Other services will keep paging me until the problem is resolved. Can you do that? Our clients have used such services in the past and have almost universally chosen NOT to be paged or emailed repeatedly. Today, notification delivery is very reliable and it avoids having to wade through screen after screen of messages. However, we do optionally offer up to 2 follow-up notifications for those who are uncomfortable with just a single alert. You can choose the intervals, but we recommend 15min/30min for Red Alarms, and 30min/2hours for less critical situations. If I get an alarm that a device is down, will I be notified when it comes back up? Yes. By default, you will be sent an ‘up’ notification within a few minutes of restoration of a monitored device or port. If you prefer not to be notified of an UP status, we can change this. How much does all this cost? You can register for a FREE 30 Day Monitoring Trial to get started. Our Managed Monitoring Service is surprisingly affordable, starting at $100 monthly. Please contact us for pricing information for your specific needs. Other monitoring services are offering very low pricing. Why are you charging more? Excellent question. The answer has two parts: Part 1: Other services offer some very cheap prices, but there's a catch. The polling interval they use to check on your critical devices is typically 15min and may be as long as 60min. This means that you will not be alerted for at least 30min, and perhaps for as long as 2 hours. The reason that the alert time is doubled is simple. Frequently, a polling packet will get dropped somewhere on the internet. We often see a single poll missed for any device we monitor over the internet. This is normal and to be expected. If we alerted you every time a single poll was missed, you would soon be calling us saying that the monitored device is fine, and why are we bugging you?. To know that a device or port is really down, you need at the very minimum 2 polls and realistically 3 consecutive polls missed. Now you can see that 15min polling translates into a 30-45 min downtime 'window' before you are alerted. Our APM uses 2 minute polling and we typically issue an alert after 3 missed polls. This means that you will be notified within 5 minutes of a device failure, instead of from half and hour to over 2 hours. Bottom line: you get what you pay for. Part 2: While other providers specialize in monitoring a single host (typically a web server) for thousands of customers, we encourage our client to have us monitor more of the mission- critical devices on their network. Because we often have VPN access to client's internal networks, our relationship with the client is much closer and more trusted than with many of the other services. We encourage this by pricing the first monitored device a little higher than our 'competitors', but pricing additional devices far lower. For example, the cost of monitoring 5 critical devices with 2 minute polling is less than $35 per device. This is far lower than any competitor. What is Network Map Access? The Map Access option gives you a login to the color-coded map of your monitored devices and services using a standard web browser. You can view the current status of each device and acknowledge alerts. A log of recent events as well as detailed statistics of up/down time and transit times is readily available. Network Map Access is highly recommended for anyone who wants to see at-a-glance the overall health of their network.
|
|
Top 10 Risks
Are you secure? Or do you just think that you’re secure?
Find out today with a FREE Vulnerability Scan.
|
   |
Copyright © 2001-20010 Meridian Group Inc.
