During the operational phase of any network, administrators need a way to monitor the devices on their network to make sure they can be alerted not only after things go wrong, but before they do. For example, constantly high CPU on a server could be indicative of a security attack or that the server needs to be upgraded.
Network Monitoring can be done either manually or automatically using monitoring tools. Manual network monitoring includes running a continuous ping to a router to check its availability, frequently checking the CPU utilization on a server, and making sure a website is up by visiting it from time to time.
On the other hand, there are so many tools that can be used for network monitoring including Nagios, SolarWinds NPM, PRTG Network Monitor, and WhatsUp Gold. These tools make monitoring easier and have a lot of features like automatic network discovery, availability monitoring, performance monitoring, alerting and reporting.
In this article, we will look at one of such networking monitoring tools – WhatsUp Gold. We will see how it can be installed and also consider common use cases like automatic network discovery, health status, traffic analysis, and alerting.
Before we begin, lets go over the main features of what this software has to offer and its capabilities.
Whatsup Gold has the following features and capabilities:
- Application Monitoring (including Windows, Linux, Apache, Java, etc)
- Network/Bandwidth Traffic Analysis and Monitoring
- Configuration Management (support for HIPAA, SOX, FISMA & PCI DSS)
- Automatic Network Discovery, Mapping and Scanning
- VM Monitoring (support for Hyper-V and Vmware ESX/ESXi)
- Robust Network Alerts and Dashboards
- Failover Management
- Network Alerting/Reports
- Cloud Monitoring Features
- and much more!
Now lets get started with the Lab setup and installation of WhatsUp Gold get a better feel for it!
For this article, we will use WhatsUp Gold to monitor one Windows Server and two Cisco routers. The lab setup is shown below:
I will be using a Windows Server 2012 launched on AWS as the installation server for WhatsUp Gold. To simulate the Cisco routers, we will use GNS3. The Windows Server will be connected to GNS3 via its Loopback interface.
Note: Creating a loopback interface in newer versions of the Windows OS is quite easy; just search for “loopback manager”, run as administrator, and follow the steps to create a new loopback interface (type “2” and press Enter). For older versions of Windows OS, follow the steps here.
We have basic configuration on the routers: IP addresses, SNMP community, username/password combination, etc. The configuration on R1 is as follows:
hostname R1 ! ip domain name example.com username cisco privilege 15 secret cisco123 enable secret cisco123 ! interface Loopback0 ip address 188.8.131.52 255.255.255.255 ! interface FastEthernet0/0 ip address 172.16.123.1 255.255.255.0 no shutdown ! router eigrp 10 network 0.0.0.0 no auto-summary ! snmp-server community cisco123 RO ! line vty 0 4 login local !
The configuration on R2 is as follows:
hostname R2 ! ip domain name example.com username cisco privilege 15 secret cisco123 enable secret cisco123 ! interface Loopback0 ip address 184.108.40.206 255.255.255.255 ! interface FastEthernet0/0 ip address 172.16.123.2 255.255.255.0 no shutdown ! router eigrp 10 network 0.0.0.0 no auto-summary ! snmp-server community cisco123 RO ! line vty 0 4 login local !
Since there needs to be connectivity between the network monitoring tool and the devices to be monitored, let us make sure we can ping both routers from the Windows Server:
With our devices setup, we will now go into the installation and setup of WhatsUp Gold. The current version as of the time of this writing is WhatsUp Gold 2017.
WhatsUp Gold offers a free 30-day trial on their product. You can register for the trial and download the software from the email they send to you. The only catch is that you must use a business email address – personal emails like Yahoo or Gmail will not work.
To get started, go to the Registration Form HERE and download the software.
After registering, they will send you an email with the download link. It took about 10 minutes for the email to drop in my inbox (and they say it could take as long as 15 minutes). The email contains the option the download the offline installer or the web installer that requires an Internet connection. The file size of the full installer is about 700MB compared to that of SolarWinds NPM 12.2 which is over 2GB!
In terms of system requirements, WhatsUp Gold has some hefty requirements:
- Windows Server 2008 (and 2008 R2), 2012 (and 2012 R2), 2016. Windows 7, 8.1 or 10 can be used for evaluation purposes
- Quad-Core CPU
- 8GB RAM
- 25GB hard disk space
You will also need a database although you can use the SQL Server 2014 Express that comes with WhatsUp Gold by default. If you will be monitoring more than a certain number of devices (500), it is recommended that you use a standalone database server. For our evaluation purpose, the included database server will work just fine.
Hint: The t2.xlarge EC2 instance type on AWS meets my requirement for 4 vCPUs and over 8GB RAM.
The installation of WhatsUp Gold is pretty straightforward, at least if you choose the “Standard Installation” versus the “Advanced Installation”.
The setup file will first perform some system checks to ensure that your system meets the requirements. In my case, Microsoft IIS was not enabled and so the setup informed that it will be enabled for me.
Next, you will be presented with your license details. In my case, since I’m using an evaluation license, it tells me I have 30 more days. I didn’t have to specify this because the evaluation license key was tied to the setup file.
You will then be required to specify an IP address that the local poller will use to communicate with remote pollers (if any). You can use remote pollers to distribute the load on the main WhatsUp Gold server to other systems.
You will then be presented with a summary of what will be installed and after about 10 minutes, the installation should be complete and you will be asked if you want to restart your system.
After restarting, just search for WhatsUp Gold like you would any other application. Click on “WhatsUp Gold” which opens the WhatsUp Gold web console in your default web browser.
When the WhatsUp Gold web console loads for the first time, you will be required to set a password for the “admin” username.
When the password has been set, you will be logged in. In my case, since I’m using an evaluation license, I will be presented with the option to request a quote or just continue my evaluation.
Once you get past the license splash screen, you are then presented with a tour dialog. You can go through the tour to get a bit of a starter course on using WhatsUp Gold. However, since we will be going through the setup in this article, I will skip the tour.
The first major screen/tab on the WhatsUp Gold interface is the “DISCOVER” tab which makes sense since we are logging in for the first time.
One thing you will notice when you open WhatsUp Gold for the first time is that there are no monitored devices. I found this strange because other network monitoring tools like SolarWinds NPM and PRTG Network Monitor always have the local server on which they are installed as a monitored device. To achieve this, those tools will usually install a monitoring agent on their local server. However, it seems WhatsUp Gold is agentless even up to the local server on which it is installed.
So let’s run a scan to discover our lab network. I will click the “Start Scan Now” button.
As you would expect, there are different options for discovering a network: scanning a subnet, scanning a range of IP addresses and my personal favorite, using a seed device.
By specifying a seed device, the tool can scan that device and then hop from that device to other connected networks. You can specify how far (deep) you want the tool to hop. For this lab, I will just specify R1 (172.16.123.1) as the seed device and I expect it to find R2 and also the Windows Server.
On the next screen, you will be required to specify the credentials with which to scan/discover the devices. Almost all network monitoring tools will rely on SNMP for device discovery. However, there are other protocols like ping (availability), Windows Management Instrumentation (WMI), and SSH.
Let us add the credentials for our SNMP (‘cisco123’ configured on the Cisco routers) and also the SSH login details. I have not enabled SNMP on my Windows Server (follow this article if you want to enable SNMP) and I will also purposely leave out the WMI details (username/password) for now.
One thing I like about WhatsUp Gold is how they have all the credentials in one place rather than having one page for SNMP, another page for WMI and so on.
On the next screen, we can decide to schedule the scan, perhaps to run it daily at a particular time. I found this screen a bit confusing at first because I was not sure if my scan will run without having a schedule since the schedule does not include “scan once”. However, the “Run” button at the top of the screen made me aware that I can run my scan immediately.
Finally, we come to the Summary screen where we can give our Scan a name and then run the scan.
After a short while, my scan came back with three discovered devices. Notice that the “Monitored” column says “No” for all of them because we have not specified that they should be monitored.
Hint: To run a scan again after it has completed, go to Discovery → Saved Scan Settings, select the scan and then click on the “Scan Now” button.
One of the cool things about WhatsUp Gold is the Display Map feature which gives you a good diagram of the network. This map can also be edited to better reflect the network. To access this display map, click on the “Display Map” at the top right of that page. When done with the display map, click on the “Device List” button at the bottom right of the page.
Since I want to monitor all the discovered devices, I will select all of them and click on the “Start/Update Monitoring” button at the top right of the page.
I can choose a group in which to place the devices or leave them in the automatically selected “Discovered Devices” group.
Once you have decided on which devices to monitor, just click the Start button. With this, the devices should now be monitored.
Now that we have imported the devices we want to monitor, let’s click on a device to view some discovery details about it.
As you can see, it shows that out of the 3 credentials we had for R1, two failed and one succeeded. My SSH credentials failed because, at the time of running the discovery, I hadn’t enabled SSH.
Note: You enable SSH by generating RSA keys on the Cisco router using the crypto key generate rsa command.
SSH is very important for configuration management as we will see later; so let us make sure it is working for this device. To do that, I will go to the MY NETWORK tab to view all the monitored devices.
Clicking on a device will bring up a pane on the right showing details about that device.
At the top left of that pane is the “Properties” button. Clicking this button will take us to the properties for that device.
So I will click on Credentials tab, click on the Edit link next to SSH, and then select the SSH credentials we initially created.
Let’s close the Device Properties page and check some status information about that device. Click on the heart symbol and this will take you to the Device Status page.
There are several tabs on the Device Status page including the General tab, Disk/CPU/Memory tab, Router/Switch/Interface, and Monitoring.
Network Traffic Analysis
Luckily for us, the evaluation version of WhatsUp Gold gives us the opportunity to try out the Network Traffic Analysis feature (which is only available in the Total and Total Plus editions).
For this section of this article, we will add the following configuration to R1:
ip flow-export version 9 ip flow-export destination 172.16.123.100 9999 ! interface FastEthernet0/0 ip flow ingress !
The WhatsUp Gold Server is configured as the Flow collector (collecting on the default port 9999) and will also be used to analyze the flow information. We can view the default Network Traffic Analysis settings by navigating to SETTINGS → Network Traffic Analysis → NTA Settings:
We can also see the flow sources that the server knows about by navigating to SETTINGS → Network Traffic Analysis → NTA Sources:
Let us generate some traffic to R1 so that we can see how useful the Network Traffic Analysis feature is. I will ping R1’s loopback interface from R2 and also open an SSH connection to R1 from R2:
To view the information available through this feature, navigate to ANALYZE → Traffic Analysis → Traffic Analysis.
Cool right? This feature can be very useful for bandwidth analysis, troubleshooting (e.g. compromised device sending a large amount of traffic), billing, and so on.
Another cool feature available only in the Total Plus edition of WhatsUp Gold is Configuration Management. With Configuration Management, you can archive configuration files, alert on changes to the configuration, and also comply with certain regulatory standards (that require configuration to be audited frequently).
To keep it simple, let us create a simple task to backup the startup configuration on one of our routers. Navigate to Settings → Configuration Management → Task Library and let us add a new task. We will schedule this task to run daily at say 11:00 pm.
After creating the task, I will run it immediately so that we will have one configuration file backed up.
If I go to the Device Properties of R1 and look at the Task tab, I will see my scheduled task there and also the result of running the task once.
Now, I will make a small change in the configuration of R1, save the startup configuration and then run the task from WhatsUp Gold again. Now, I have two backed up files.
By selecting both files, I can compare them to see what has changed.
Let’s now get back to that Windows Server that we left without credentials. If we go back to the MY NETWORK tab and click on the Windows Server, you will notice that even though it was discovered, the only performance monitor we have there is related to Ping. Also, notice that there are zero (0) associated credentials.
Let’s add a few performance monitors. First, click on the Device Properties icon. On this page, we can see that there are two monitors for this device, one active monitor and one performance monitor.
WhatsUp Gold has three types of monitors:
- Active Monitors which poll for up/down or yes/no responses. An example here is Ping. Other examples are DNS and HTTP.
- Passive Monitors which do not “actively” poll devices but rather wait for events from a device. Examples here include SNMP trap and Syslog.
- Performance Monitors which gather statistical data about devices. Examples here will be CPU utilization and Network interface utilization.
Before we add our performance monitors, we need to configure credentials for this Windows Server. I decided to use WMI instead of SNMP for the purpose of variety. However, keep in mind that most of the information that you can get through WMI can also be retrieved using SNMP with less performance impact. So in a production network, you may want to use SNMP instead.
Click on the Credentials tab.
Since we have not added any WMI credentials, there won’t be any available if we click the “Edit” link. Therefore, we need to first add WMI credentials to the Credentials Library. Therefore, click on the Credentials library… button.
Click on the plus sign to add a new credential. Select the ‘Windows’ option.
To use WMI, it will be better if Active Directory is also being used in your environment so that you can specify the same username/password to log into various servers. However, for my evaluation, I will be using a local administrator account. In that case, you need to use “.\” before specifying the username.
Click Save when done.
We can now add the newly created credentials to our Windows Server. Close the Credentials Library dialog, click on the “Edit” link next to Windows, and then select the WMI credentials from the drop-down.
We will now go to the Monitors tab to add our performance monitors.
Click on the Add button, select Performance Monitor and then click Use a library monitor. There are 4 default performance monitors in the library: CPU utilization, Memory utilization, Disk Utilization, and Interface Utilization. In our case, we will add a CPU utilization monitor.
Press Next. By default, SNMP is the selected querying protocol.
However, we will select WMI and wait a few seconds for WhatsUp Gold to query the device with our WMI credentials and then bring up a list of the processors we have.
You can select the ones you want to monitor and then click on Finish. I will also add a monitor for Memory Utilization (steps not shown here). At the end of the configuration, this is what we have for our Windows Server:
So if we now go to the Device Status, we should see CPU and Memory information about our server.
Note: You can also define your own custom monitors through several methods including SNMP, WMI, and SSH. You can do this by going to Settings → Libraries → Monitors and add a new monitor.
Setting up Alerts
Alerting is one place I struggled with using WhatsUp Gold. It’s actually quite easy to setup alert actions for a device; however, it was confusing at first to figure out where to find alerts for all monitored devices. For example, there is no single “Alert” dashboard that shows me all the issues on the network at one go, like devices that are down or devices with high CPU. Rather, there are several dashboards under the ANALYZE tab that show specific information.
Note: I would have expected that the Alert Center will be that dashboard that shows you all the alerts on your network. However, the guys at WhatsUp Gold had a different understanding. The Alert Center shows you information about performance monitors, for example, devices whose CPU Utilization exceed 90% or with ping response time greater than 50ms.
One thing you should be able to do with any monitoring tool is being alerted when something goes wrong. The tool should provide several means of alerting like sending an email, SMS, or even just showing up on the dashboard (default).
In this article, we will set up alerting such that when R2 goes down for more two minutes, an email will be sent and a web alarm will be displayed on the dashboard. To start, click on the Device Properties for R2.
Go to the Actions tab.
Click on the Actions and Policies button.
As you can see, there are two parts in the Actions and Policies dialog – the Action Library and the Action policies. We can specify what actions to be taken (e.g. send email, sound alarm) when a particular policy is triggered (e.g. device has been down for 2 minutes).
So let’s first create an action for sending an email. Click on the plus sign under the Action Library section and select “E-mail action”.
WhatsUp Gold does not have its own internal SMTP server so you will need to configure your own mail server settings (if you haven’t done so already). You can also take a look at the default email template that will be used in sending the email. Click OK when done.
Let us now define our Action Policy. Click on the plus sign to add a new action policy. We will call this policy “Device Down 2 minutes” and add two actions to it: sound a web alarm when the device has been down for 2 minutes and also send an email.
Click OK when done and close the Action and Policy dialog.
Click the Edit link next to “Apply the following Action Policy” and select the action policy we just created:
To simulate an outage, we will shut down the Fa0/0 interface of R2 using the no shutdown command. Once we do that, we will see that R2 is down in the MY NETWORKS tab.
After two minutes, a web alarm will be displayed:
An email will also be attempted to be sent. If your email server settings are in order, you should receive an email about the failed device.
You can also check your action logs by navigating to ANALYZE → Logs → Action.
Note: I used Gmail for my SMTP server. You can get the settings here. However, you will need to allow less secure apps sign into your Gmail account which is not recommended.
There is no specific dashboard for reporting in WhatsUp Gold. However, the cool thing is that you can export the information shown from the different dashboards under the ANALYZE tab. For example, if we view the Top 10 report under the Performance section, we can export the result to PDF.
This brings us to the end of this article where we have seen how to install and setup WhatsUp Gold. We have covered basic features like network discovery, adding monitors, and setting up alerts. We have also seen some advanced features like network traffic analysis and configuration management. There are other features we have not covered like VoIP monitoring, Application performance monitoring and Virtualization monitoring.
In general, WhatsUp Gold is a good network monitoring tool. It may not always be intuitive in some areas but all things considered, it does a good job. When compared to PRTG Network Monitor, I will say it has a simpler and better web interface but generally, I think PRTG is easier to use. In comparison to SolarWinds NPM, it feels less “bulky” but SolarWinds NPM provides more robust features.
There are four versions of WhatsUp Gold: Basic, Pro, Total, and Total Plus. It also uses point-based licensing where a device like a router (irrespective of the number of monitors) uses 1 point, but a feature like network traffic analysis uses 10 points per flow source. Pricing is not readily available without contacting their sales team but from research, it seems you can get 25 points on the Basic edition for around $2,000.
Our recommendation would be to Download a Trial version and follow our Setup Guide above to get a better feel of the interface and see how it performs for you. Use the download link below to go to the Whatsup Gold download page (Found here as well) to get started!