This document's purpose is to give an overview of how to create Naverisk Operating System Templates and how to assign OS Templates to a Client's Device via Device Types.
1.0 Operating System Templates
Operating System Templates are configured for the monitoring aspects of your Devices, such as CPU, RAM and Disk performance, Agent Availability, Device Security, Services, Processes, Ports and Events.
Best practice is to first clone a Template of the OS type that you would like to edit and monitor, and give it a name that clearly marks it as not being a standard default Template. This makes it easier to mass deploy changes and to keep track of which Templates you have created or edited.
The first step is to navigate to Settings > OS Templates, select the appropriate Client from the list on the left, then click on ‘Clone Templates’.
Once this is done, select the green Edit arrow that corresponds to the Cloned Template.
Note: It is recommended to customise your OS Templates for your desired monitoring before deployment across all Devices.
Once you have created your OS Template to your liking, you will be able to select copy Templates and then copy/overwrite. This will now make your Customised OS Template available to all Clients to then be assigned under Device Types.
You may also Import and Export OS Templates using the options button highlighted to copy pre-existing templates to and from Naverisk.
To understand the Template better, we will look at each section.
1.1 CPU Utilisation
CPU utilization refers to a computer's usage of processing resources, or the amount of work handled by a CPU. Actual CPU utilization varies depending on the amount and type of managed computing tasks. Certain tasks require heavy CPU time, while others require less because of non-CPU resource requirements.
CPU utilization may be used to gauge system performance. For example, a heavy load with only a few running programs may indicate insufficient CPU power, or running programs hidden from the system monitor, which is a strong indicator of viruses and/or malware.
If set to 90%, when the monitored device hits 90% CPU Utilization for more than 120 seconds, then a Warning ticket will be created.
If the Utilization levels increase to 95% for more than 120 seconds after the first alert has been opened, the SLA Status will be upgraded to Threat.
Finally, if the Utilization levels increase to 99% for over 120 seconds, the SLA Status will be upgraded to Failure.
For the Alert to clear, the Utilization levels must drop below the current SLA Status Threshold, for more than 120 seconds.
CPU Utilization can be tracked in real time using the Performance Tab of a device.
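The raise, upgrade and clear rules above can be modelled as a small state machine. This is an added example, not Naverisk code: the thresholds and the 120-second hold come from the text, while the function names, the 30-second sample interval and the choice to open directly at the highest level already held are assumptions.

```python
# Thresholds and hold time are the values quoted in section 1.1. The
# evaluation logic is an assumed model, not Naverisk's agent code.
LEVELS = [("Warning", 90.0), ("Threat", 95.0), ("Failure", 99.0)]
HOLD_SECONDS = 120

def build_samples(segments, step=30):
    """Expand (duration_seconds, cpu_percent) segments into (t, value) samples."""
    samples, t = [], 0
    for duration, value in segments:
        for _ in range(duration // step):
            samples.append((t, value))
            t += step
    return samples

def evaluate(samples, hold=HOLD_SECONDS):
    """Replay samples and return the list of (seconds, status) changes."""
    current = -1        # index into LEVELS of the open alert, -1 = none
    above_since = {}    # level index -> time the value first reached it
    below_since = None  # time the value first fell below the open level
    events = []
    for t, value in samples:
        reached = max((i for i, (_, th) in enumerate(LEVELS) if value >= th),
                      default=-1)
        for i in range(len(LEVELS)):
            if i <= reached:
                above_since.setdefault(i, t)  # keep the earliest time
            else:
                above_since.pop(i, None)      # streak broken, restart timer
        # Raise or upgrade to the highest level held longer than the hold time.
        for i in range(len(LEVELS) - 1, current, -1):
            if i in above_since and t - above_since[i] > hold:
                current = i
                events.append((t, LEVELS[i][0]))
                break
        # Clear only after the value stays below the open level's threshold.
        if current >= 0 and reached < current:
            below_since = t if below_since is None else below_since
            if t - below_since > hold:
                events.append((t, "Cleared"))
                current, below_since = -1, None
        else:
            below_since = None
    return events

# Constructed input: a 60 s spike (ignored), then sustained 92 %, 96 %, 100 %
# and finally a drop to 40 %.
CONSTRUCTED_SEGMENTS = [(60, 50), (60, 97), (60, 50), (180, 92),
                        (180, 96), (180, 100), (180, 40)]

if __name__ == "__main__":
    for seconds, status in evaluate(build_samples(CONSTRUCTED_SEGMENTS)):
        print(f"t={seconds:>4}s  {status}")
```

The 60-second spike to 97% produces no ticket because it never outlasts the hold time, which is the behaviour to keep in mind when choosing thresholds for noisy devices.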
1.2 Disk Queue Utilization
The disk system handles the storage and movement of programs and data on your system, giving it a powerful influence on your system's overall responsiveness. The OS Template provides disk-specific counters that enable you to monitor and measure disk activity, and instructs you on strategies to improve disk performance.
Avg. Disk Queue Length is equal to (Disk Transfers/sec) * (Disk sec/Transfer). This is based on “Little’s Law” from the mathematical theory of queues.
The Avg. Disk Read Queue Length is equal to (Disk Reads/sec) * (Disk sec/Read) and the Avg. Disk Write Queue Length is equal to (Disk Writes/sec) * (Disk sec/Write).
The SLA Statuses in Disk Queue Utilization have the same functional design as the CPU Utilization metrics.
This means that if a threshold is violated for more than the specified time, a ticket will be created. When the Disk Queue clears, then the opened ticket will be auto-closed by the system. Disk Queue Length can be tracked in real time using the Performance Tab of a device.
1.3 Memory Utilization
Monitoring performance is a necessary part of preventive maintenance for your computer system. Through monitoring, you obtain performance data that is useful in diagnosing system problems and in planning for the growth in demand for system resources.
In storage, a pagefile is a reserved portion of a hard disk that is used as an extension of random access memory (RAM) for data in RAM that hasn't been used recently. A pagefile can be read from the hard disk as one contiguous chunk of data and thus faster than re-reading data from many different original locations.
Memory Utilization monitoring works in percentages, just like the CPU Usage and conforms to the same functional design.
Memory Utilization Threshold values for each SLA should be based on the maximum amount of memory a system should use for a prolonged period.
In addition to Physical Memory (RAM) Utilization, the settings in the OS Template’s Memory Utilization section will also report the PageFile Memory Utilization.
Memory Utilization can be tracked in real time using the Performance Tab of a Device.
1.4 Drive Space Utilization (%) vs. Drive Space Free (MB):
Drive Space Utilization (%): Displays the percentage of the total usable space on the selected logical disk that was free. With this metric, you can determine how much free space your drive has left, displayed as a percentage. This is useful for large drives used for mass file storage, such as database or backup volumes, where the percentage counts.
Drive Space Free (MB): Displays the unallocated space, in megabytes, on the volume.
This metric is useful for drives that are not too large, such as the C: drive, which usually hosts the OS and needs a certain amount of free space to allow the file system to operate nominally.
You can also Add Drive Metrics for each separate drive, using the Add Drive Metrics option. This will allow you to set the monitoring values for each specific drive, instead of using the Default values that would normally apply to all drives, at the same time.
In this section, you also have the option to Monitor USB Drives, such as External HDD/SSD/SSHD devices. Once selected, any compatible drives will be displayed in the Performance Tab.
1.5 Security Center
The Security Center is an integration with Microsoft Action Centre that uses the Microsoft Action Centre API (Application Programming Interface) to retrieve the data that is normally displayed in your Windows OS and relay it to your Naverisk Web Interface.
This data is also integrated into Naverisk’s Reporting system, allowing you to run analytics on your devices' security using the available reports. Over time, these can show you where the weak links are, help you strengthen your Clients’ security, and allow you to protect their data more efficiently.
Please be aware that Security Monitoring is only compatible with Windows Workstation Devices, because Microsoft does not include the Security Centre in Server OSs. You will need a Device Role to monitor Security on a Server.
The Security Centre can be enabled by ticking each Checkbox. The use of each section is as follows:
If Service monitoring is enabled, a Failure SLA ticket will be created if the Antivirus service is detected as Stopped for more than 600 seconds.
If Signatures monitoring is enabled, a Failure SLA ticket will be created if the Antivirus signatures are found Outdated for more than 600 seconds.
If Firewall Service monitoring is Enabled, a Failure SLA ticket will be created if the Firewall is detected as Disabled/Stopped for more than 600 seconds.
If Service monitoring is enabled, a Failure SLA ticket will be created if the AntiSpyWare service is detected as Stopped for more than 600 seconds.
If Signatures monitoring is enabled, a Failure SLA ticket will be created if the AntiSpyWare signatures are found Outdated for more than 600 seconds.
Each threshold can be increased or decreased, depending on your needs. The maximum threshold is 999 seconds.
1.6 Network Utilisation
Allows you to monitor network interfaces for activity. Metrics can be set as default or separate values can be used for each Network device attached to the device.
1.7 Raise SLA Ticket when a Device Disconnects
This option allows you to monitor an Agent’s availability.
This option allows your agent to ping the Naverisk Server at very fast intervals, so it can report in real time if its state changes. This lets you immediately detect if the monitored device has connectivity issues, has been turned off, or has been reset.
By Default, this option is enabled for Server OS Templates and disabled for Workstation OS Templates.
Monitored Services: Allows you to pick a Running Service from a chosen device, and set monitoring thresholds for it. Once applied to the OS Template, all inheriting devices will attempt to monitor the selected Service.
Monitored Processes: Allows you to specify a Process by name and set monitoring thresholds for it. Once applied to the OS Template, all inheriting devices will attempt to monitor the named Process.
Monitored Ports: Allows you to specify an Address and a Port, specify Ping intervals (Seconds) and set a failure threshold for the Ping Intervals. If the target address is not reachable through the specified port, a failure SLA ticket will be created. Once applied to the OS Template, all inheriting devices will attempt to monitor the given address and port.
Monitored Events: Allows you to specify a Windows Event by Source, Type, ID and Description and set SLAs for it. Once applied to the OS Template, all inheriting devices will attempt to monitor the given Windows Event.
These options are also available in Device Roles.
We recommend using Device Roles for specialized monitoring.
In doing so, you will also avoid overcrowding your OS Templates with unnecessary monitored Services, Processes, Ports and Events.
2.0 Create an OS Template from a Device
If you need to create a specialised OS Template that does not conform to any particular OS, you have the option to create a Device Specific Template.
With a Device Specific Template, you can create your own monitoring values from scratch, since Device Specific Templates come void of any settings.
Once your new Device Specific Template is ready and applied to your device, you can then create an OS Template from your new Device Specific Template.
To do this, scroll to the top of your Device's Details pane, expand the Device Tasks drop-down and select Create OS Templates from Device.
After naming your template, press Save.
Your new template can now be found in Settings > OS Templates.
The same can be achieved from Settings > OS Templates by clicking on the Create Template from Devices button. From here, you can then choose a Device to copy its OS Template. Select the Device(s) you want to copy the OS template from, then click on Make Templates.
You should then see your OS Template listed with the name you gave it, and its Device ID (this is so you can identify which Template is for which Device if you selected multiple Devices).
Once created, you can apply your new template to other devices that meet the same monitoring requirements.
3.0 Exporting & Uploading an OS Template
If you wish to join in on the community spirit and add to our ever-increasing list of OS templates found on the Routine Store, it is a simple process. Click the export icon beside the OS Template you wish to share.
This will generate the appropriate Naverisk file type. Open the Routine Store, where an Upload button is displayed in the top right.
This will take you to a brief form where you can upload your routine to share it, and where you can provide a little context around what your routine does and how it should be used.
Just remember to hit the 'Upload File' button at the bottom when you are done.
4.0 Alert Templates
The Naverisk Alert Templates allow the use of Escalation Alerting via email, to warn of Tickets not being responded to (Assigned) in a timely manner or critical events not being addressed appropriately. This will help to ensure that the Client’s needs and critical server errors are resolved within the timeframes that have been set.
Creating Alert Templates straight after you have added your Users and Groups is best practice as your Users tie into your Groups and your Groups tie into your Alert Templates. For more information on adding Clients, Users and Groups please head to the Resource Center in Naverisk.
The explanation of the Alert Template above is as follows:
The Alert Frequency for a Failure Ticket will notify the support techs when a new failure ticket is created, and then remind the Support Techs via email of the Failure Ticket every 60 minutes until the job is either assigned to a technician or closed.
The Escalate After will inform the Support Manager Group if a Failure Ticket has not been assigned to an engineer after 75 minutes, and will then continue to notify after every 75-minute interval.
The Remind After will email the Alert Group if a Ticket has not been updated within the predefined period. In this case, the Remind After will inform the Support Manager Group and the Ticket Escalation Group if a Failure Ticket assigned to any Engineer has not been updated for 24 hours.
When you create the new Alert Template, you will be given 3 rows of 4 boxes to fill with your specifications.
Alert Template Details: This is where you add the name and the description of the Alert Template.
Alert Template Configuration: This is where you will assign your 4 levels of support from your Groups.
- You will see that you are given the different SLA statuses; this is where you can define which of your levels of support will get which Alerts.
- Target User Groups is where you can set the Groups from the Groups you created in the 'Users and Groups' section.
- For example, you can set the 'Information' and 'Warning' Alerts to go to the Support Engineers, and 'Threat' and 'Failure' to go to Support Management.
Escalation User Groups: An Alert can be emailed to the specified groups if a Ticket is sitting as Unassigned for a set length of time.
Alert frequency: Sends an initial alert when the Ticket is created, and then a timed, recurring Alert will be sent to the specified Groups until the Ticket is closed.
Reminder User Group: If a Ticket has not been updated within the specified ‘Remind After’ time, Naverisk will alert the specified Groups. It does not matter if the ticket is assigned or unassigned.
Alerting periods: The times during which you would like to be alerted.
An Alert Template can also be assigned to a Client, as the Default Alert for the Client.
This will ensure that the Alert Template’s Settings are inherited by the entire Client, so that each ticket that conforms with the set SLA Status, will send an email alert to the designated Alert Group(s).
You can also select what happens when a new Agent is installed on a device, or when a Network Device is Discovered, using SNMP or WMI probing.
In the example above, the “Both Ticket and Email Alert” option is selected for both detections. The ticket that will be created will be an Information SLA ticket.
However, you can opt to either have a Ticket created, with no Email Alerts, whenever a device is discovered, or a new agent is installed, or you can opt to only have an Email Alert sent to your Alert Group, without creating a ticket.
You can also choose to stop these notifications completely, by selecting the “No Ticket or Email Alert” option.
In case you wish to segregate the tickets, you can make use of the SLA Status drop-downs next to each Alert Setting.
5.0 Device Types
Device Types is what the Naverisk Agent will look at for all its Monitoring, whether it’s a newly Deployed Agent or an Agent currently added to your Naverisk instance.
Navigate to Settings > Device Types. You will assign your Alert Templates and your OS Template and Device Roles under Device Types per Client.
So, for server machines you can select the Server Alert Template and then assign your Customised OS Template, for example Server 2008 R2.
In the example above, all Server 2008 R2 machines currently under the Client you have just assigned will pick up all the settings in the OS Template, the Alert Template, and Device Roles. These will be added to any new 2008 R2 Devices that you add to this Client.
OS Templates and Alert Templates will need to be set up per Client. Once this has been set up, it makes Automatic Deployment of your updated Templates very quick and easy.
You can go into your OS Templates, make the alteration at Top Level, save the Template and then copy the Template down to Sub-Clients.
For more specific monitoring of software on machines please review our guide on Device Roles provided in the Naverisk Resource Center by clicking on the Question Mark Icon in the top right of your Naverisk Instance.
6.0 Case Study - IT Support Real World Alerting
In the example below, the following Alert Template (Bob’s Bakery IT Support Tickets) has been created. All Information Tickets (User / Client Created) will alert the ‘Support management’ Escalation Group via email, if the Ticket has not been assigned to anyone within 15 minutes.
All Warning Tickets will send an Email Alert to the Support engineers every 2 hours, until the Ticket has been closed.
All Threat Tickets will send an Email Alert to the Support engineers every hour, until the Ticket has been closed.
All Failure Tickets will send an Email Alert to the Support engineers every hour, escalate an Alert via email to the Support Management team if the Ticket has not been assigned within 10 minutes and send an Email Alert to the Risk Management team if the Ticket has not been updated within 24 hours.
To create an Alert Template, navigate to Settings > Alert Templates > New Alert Template.
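The Failure row of the case-study template can be replayed against a ticket to see which emails it produces and when. This is an added example, not Naverisk code: the intervals and group names come from the case study, while the key names, the repeat-while-unassigned escalation (as section 4.0 describes), treating creation as the first update and sending one reminder per idle period are assumptions.

```python
# Failure row of the case-study Alert Template. Key names are hypothetical;
# the intervals (in minutes) and group names are the ones given in the text.
FAILURE_ROW = {
    "alert_every": 60, "alert_group": "Support engineers",
    "escalate_after": 10, "escalation_group": "Support Management",
    "remind_after": 24 * 60, "reminder_group": "Risk Management",
}

def email_timeline(row, closed_at, assigned_at=None, updated_at=()):
    """Return the sorted (minute, kind, group) emails sent for one ticket.

    All times are minutes after ticket creation. Assumed here: escalations
    repeat at every interval while the ticket is unassigned (as section 4.0
    describes), creation counts as the first update, and one reminder is
    sent per idle period.
    """
    emails = []
    # Alert frequency: an initial alert, then recurring until the ticket closes.
    for minute in range(0, closed_at, row["alert_every"]):
        emails.append((minute, "alert", row["alert_group"]))
    # Escalate After: only while the ticket is open and still unassigned.
    unassigned_until = closed_at if assigned_at is None else min(assigned_at, closed_at)
    for minute in range(row["escalate_after"], unassigned_until, row["escalate_after"]):
        emails.append((minute, "escalation", row["escalation_group"]))
    # Remind After: any gap between updates longer than the limit, whether
    # or not the ticket is assigned.
    marks = [0, *sorted(updated_at), closed_at]
    for start, end in zip(marks, marks[1:]):
        if end - start > row["remind_after"]:
            emails.append((start + row["remind_after"], "reminder", row["reminder_group"]))
    return sorted(emails)

if __name__ == "__main__":
    # Constructed ticket: assigned after 25 minutes, closed after 150 minutes.
    for minute, kind, group in email_timeline(FAILURE_ROW, 150, assigned_at=25):
        print(f"+{minute:>4} min  {kind:<10} -> {group}")
```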