Feb 00 NetManage
Volume Number: 16 (2000)
Issue Number: 2
Column Tag: Network Management
netOctopus 3.5
by John C. Welch
Reviewing the premier Network Management Application for the Mac OS
Disclaimer
I have been a netOctopus customer for almost 2 years, and have been more than a little pleased with the product, and most definitely with the programmers and support staff who have followed the product across its last three owners to its current home at Netopia. I was also involved in the 3.5 beta program, most heavily with the SNMP features. As a thank you for my help and work, Netopia gave me a free copy of one of the program modules that would normally be a purchased product. Having disclosed this, on with the review.
Background
netOctopus is a network and computer management application that allows you to monitor and control various hardware devices on your network. netOctopus, also allows you to manage the configurations of both the operating system and applications for Windows NT and 95/98 PCs, and Macintoshes on your network. By using the SNMP (Simple Network Management Protocol) management addition, netOctopus can also monitor, and help manage almost any device that supports the SNMP protocol, including Unix workstations, printers, routers, hubs, or even uninterrupted power supplies (UPS). netOctopus operates across TCP/IP, NetWare, and AppleTalk networks, and can run any one or all of those protocols. netOctopus runs as both a server and a client, and either part runs on both 32-bit Windows and Mac OS platforms. Finally, netOctopus supports automation/scripting on both platforms, AppleScript on the Mac OS, and Visual Basic on Windows. For this review, I will concentrate on a Mac OS server with both Mac OS and Windows clients, and the SNMP add-on.
Installation
Installation of the netOctopus administrator is fairly straightforward, with the usual choices between Easy and Custom installs. You can choose either the default location at the root of your startup disk, or a specified folder. If you choose easy install , then the Administrator, File Scripter utility, client updates, and template files are installed to the default location, unless you don't specify a different location. There are also a number of shared libraries placed into the Extensions folder, along with the Mac OS NetWare client. If a custom install is picked, then you can choose the type of administrator you wish, either 'flavored' or standard. (Flavored is a special install package that is used only with flavored clients for certain situations. For 99% of you, the standard administrator is what you want.) In version 3.5, the administrator is PowerPC only, so if you plan to upgrade an existing installation that's running on a 68K Mac, its time to upgrade the server Mac. The File Scripter utility is still either 68K, PowerPC -native, or Fat and you can choose which version. This is also the install to use if you don't want to have the NetWare client installed on your Mac.
Finally, you can also choose whether to install the client updates. Other installed options include some default AppleScripts, and a series of scripts and installer documents that allow you to perform remote installations of the Mac OS, versions 8.5 and greater. (Since 8.5 is the first version of the Mac OS that doesn't require multiple human interventions once you start the install, this is the first version that can be supported practically .) Once the options are chosen, the installer runs, and you can either install more options, quit, or restart the server. Since you have to restart for the netOctopus libraries to load, you'll have to do this before you can set up the server.
One of the things I appreciated about the install procedure is that you are not forced to do a restart. Since this is the type of application that will probably be running on an existing server, casually forcing you to reboot is not the kind of behavior that is conducive to happy networks, servers, users, or administrators.
Administrator Setup
The basic setup is decent enough for most, but there are some quibbles. For one thing, Netopia follows the common practice of setting the default memory allocation to the minimum needed to run the application. I had to double it to get things to a usable level with more than just a few clients. (This is one practice that too many other Mac administrators, and I heartily wish would end. It may make for worse PR, but at least I wouldn't have to remember to set realistic default settings for too many applications to count). The preferences dialog is split into fairly logical subsections that deal with network protocol preferences, logging, notification, printing, general, SNMP, (if the SNMP add-on is installed), software metering, and printing. netOctopus's preferences are actually fairly simple to set up for most users. The TCP/IP, SNMP, and General preference settings make use of text configuration files to do a lot of the setup. Although potentially annoying, netOctopus makes liberal use of examples in the sample files to make sure that even someone with only a basic knowledge of networking can set up these files correctly. Although not a standard way to configure a Mac application, the config files are a boon to anyone who needs to configure multiple netOctopus administration computers, as they allow creating and changing configs via file copies.
netOctopus also allows a nice degree of flexibility in assigning administrator rights. As shown in figure 1, you can have multiple administrators with different levels of control rights. One or more administrators can also be designated a "Super Administrator," analogous to root in the Unix world, which gives you all rights to any netOctopus . The advantage of this is that instead of an all or nothing approach to assigning administrator rights, a manager can give one person the ability to only gather information from clients, another to do that AND make changes, and so on. This is important because in a situation where netOctopus is running a network of hundreds of computers, you don't want only one person able to administer them. On the other hand, you don't want to give every person using the netOctopus administrator complete control over the network. By allowing you to define levels of permissions, netOctopus maintains the best balance between flexibility, usability, and security.
Figure 1.
Another way in which netOctopus maintains its flexibility is the way it allows you to run the administrator program. netOctopus's licensing is based on the classic razor model. You pay almost nothing for the admin program, instead, you pay for capabilities, in terms of numbers of clients administered, and program extensions, such as the SNMP add-on. The advantage is that it allows you to have multiple copies of the administrator program if needed. For example, my main AppleShareIP server runs a copy of netOctopus. However that copy is used mainly for status checking of computers and software licenses. For installations, I use another copy that runs on my laptop. I have the same access to the clients, but I don't have to worry about interrupting any timed jobs on the server. netOctopus implements this is via an admin key file, that is created when you log in to netOctopus for the first time (after entering your serial number). The admin key file, along with other netOctopus preferences is kept in the preferences folder of the startup drive. By copying just the admin key, or all the preferences to other Macs running the netOctopus administrator, you can make setting up a netOctopus admin server as easy as a file copy. This is very nice when you have to set up 4 or 5 Macs. Since the client can run on the same Mac as the admin program, you can use the main netOctopus admin program to install and set up other netOctopus admin servers. This makes netOctopus function very nicely in an environment with multiple locations and multiple admin servers. In addition, if you set up your installation source drive properly, one shared drive can be a netOctopus install point for multiple servers.
Mac OS Support
netOctopus does a more than adequate job of supporting both new and traditional Mac OS technologies. Drag and drop is used everywhere possible, from preferences dialogs to installation dialogs. Setting up views in different windows is also done via drag and drop. Another technology that receives excellent support is AppleScript. The dictionary is not only well stocked with - any function that can be accessed from the menus or dialogs, but the comments in the dictionary are clear, concise, and easy to follow. Almost every dialog is non-modal, which means that if you need to go to another app, or mount a drive in the middle of a netOctopus session, -you can leave the dialog box where it is, and do things - around it. netOctopus has also supported Navigation Services since version 3.0, which is another feature that helps you get your work done - without the program and interface getting in your way. Finally, netOctopus also supports the KeyChain, reintroduced in Mac OS 9. Considering that the average user of this product is a network admin, who may have a dozen or so different login IDs and passwords, any effort made to reduce or automate this process is greatly appreciated.
Network Administration
Since netOctopus is a network administration program, how does it perform those tasks? In a word, excellent. Now realize, this is not the program to single handedly run a network of 15,000 Macs, Windows, and Unix workstations from a single location. However, thanks to the distributed nature of netOctopus's architecture, and the decentralized management system that can be used with netOctopus, you can run that same network with multiple servers, and some judicious AppleScript.
Workstation Administration
netOctopus's first strength is to help you manage the computers on your network. User information, process control, installation, configuration, and virtually any task that an administrator would need to perform can be done on both Windows and Macintosh computers. One new feature in version 3.5 is enhanced process control. If you want to see just what resources Word 98 is using on a G4, open up that computer's workstation information window, select processes from the drop down list in the window, and there it is. Even better, is someone playing Tomb Raider on company time? Select that process and kill it just in time to hear the screams, then send that user a polite reminder of what constitutes appropriate software on company computers as you delete the game from that Mac. You can also use netOctopus's AppleScript support to create a script that works in conjunction with the iDo script scheduler to check for various games by creator code, and do all this automatically. netOctopus's capabilities extend well into the cross platform realm as well. One of the most tedious tasks for a network admin in a multiple platform network is enabling plain text passwords in Windows NT so that these boxes can see the AppleShareIP servers on the network. Thanks to the NT team's foresight, the only way to do this is via registry edits. Now, hopping from machine to machine is tedious at best, but with netOctopus, you can do them all at once. Select the machines you want to edit, go to the Commands menu, choose Windows Registry, then New Registry Value..., and enter in the correct values. Go back to the Commands menu, hit Restart..., and voila! That NT box or boxes can now see your network. Even better, create a little AppleScript, like the one in Listing 1 below, and compress the whole thing into two steps. That's right, netOctopus allows you to do script editing in the Windows Registry, and a whole lot more!
Listing 1: Enable NT plaintext passwords:
Install the NT registry hack that allows Windows NT 4 with Service Pack 3 or higher to use plain text passwords on a network.
property NoSelectionErr : "There is no computer selected. Please select one!"
tell application "netOctopus"
set theWindow to window "Computers"
set theSelection to selection of theWindow
if theSelection exists then
add registry value of theSelection registry key path "HKEY_LOCAL_MACHINE \\SYSTEM\\CurrentControlSet\\Services\\Rdr\\Parameters" registry value name "EnablePlainTextPassword" registry value type number value registry value "1"
else
display dialog NoSelectionErr buttons {"Okay"} with icon stop
end if
end tell
If nothing else, the above listing is a good reminder of why a very solid password policy is required for this product. netOctopus can be used to do a lot of damage in almost no time to a large number of computers. The entire list of computer administration and reporting features is too long to show you in this review, but suffice it to say, short of remote control, and making coffee, (which netOctopus will allow you to get by with much less ), if you can do it to a Mac or WinTel PC. netOctopus can do it easier. You may never get up again!
Software metering
Possibly one of the most onerous and tedious duties an admin has, is dealing with license compliance. This is a thankless, and in these networked days, essential duty. Thankfully, netOctopus makes things easier for you here as well. By using a template document with the file types, creator codes, licenses owned and application name for each application, you can have netOctopus check your network for applications in use, and see if they are legal or not. (Luckily, Netopia provides a sample document with over 400 entries for everything from FileMaker Pro to A-10 Attack. There are also clear instructions for modifying this document for your own needs.) netOctopus also includes preference settings for automatically running the meter, exporting the results, saving the results in a netOctopus database file, and running AppleScripts after finishing a metering session. (See Figure 2).
Figure 2.
Software Installation
The ability to remotely install software to multiple clients simultaneously is another major feature of most network administration packages . Here, netOctopus gets a mixed review, which is only partially its fault. On the Mac side, netOctopus does an excellent job installing software. If the software you need to install uses Apple's installers, such as a ColorSync update, netOctopus can directly read the installer package script, and allow you to set the same options as if you were doing a manual install. Once you install any software to 30+ computers at once, with less effort than installing it on one manually, and you will never want to go back.
If the application uses another installer, such as Stuffit InstallerMaker, or Installer Vise, then you can still create your own installs, but it gets a little more complex. In these cases, you need to use the File Scripter utility that comes with netOctopus. This application allows you to install the application on the netOctopus server, and then you either manually tell File Scripter where the files to be installed need to go, and where they are on the server, or you use a snapshot to build this information. Using File Scripter's snapshot facility involves taking an inventory of all files on the server prior to software installation - , or snapshot, installing the software, and taking another snapshot after the install is complete. You then tell File Scripter which snapshot to use as a before and which to use as an after. File Scripter uses the difference between the two to create the installer for the software. You can either use this on an application by application basis, or install several apps at once. This method is the best to use for applications with a lot of files, such as Office 98, or Exodus 7.0. Once you have built the File Scripter install, regardless of method, the final step is to build an Apple installer from File Scripter's. This is as simple as telling File Scripter to make an Apple Installer, whether to copy or move the files to be installed into an install folder, and where to save everything. On a G3/300 server, creating an Office 98 Apple installer of everything but the extra clip art took less than a minute.
If all you need to do is copy some files to install them, then you can use the generic Install... option in the commands menu. Give netOctopus the local location of the files or folders, and then pick the destination. netOctopus lets you choose almost every special folder in a Mac from a dropdown list, so it is rare that you have to manually type out a path. This option also allows you to open the file after its copied, which is very useful in conjunction with AppleScript. This is how I do my desktop printer setups. I use netOctopus to copy over the PPD files for the printer, then copy over a script that uses the desktop printer scripting in the Mac OS to automatically create the 5 printers that we have at AER. To do this on 30 Macs takes about 5 minutes, including copy time.
On the Windows side, things are a little harder. Since netOctopus on the Mac can only start Windows executables, and pass them a series of command line instructions, the remote install capabilities are hit and miss. For something like Office97, it's a hit, as shown in Listing 2 below. Because the Office 97 installer supports a full range of command line parameters, I can fully automate this. For programs such as Netscape on Windows, you can remotely start the install, but must choose options manually at the machine, or via Timbuktu, which integrates nicely with netOctopus. (Timbuktu and netOctopus have always worked well together, even before the same company owned them.)
Listing 2:: NT Office 97 Install Script
This script tells netOctopus to install Office 97 from a network install point to a remote machine. The only manual intervention needed is at the netOctopus end, to enter the user name for Office.
property NoSelectionErr : "There is no computer selected. Please select one!"
property theServer : "\\\\Retrospect\\Shared_files"
property thePassword : "
property thePath : "\\pc_files\\office97"
property theExecutable : "setup.exe"
tell application "Finder"
set theDialogReply to display dialog "Enter the user's name for Office 97" default answer "Computer Services" buttons {"Okay", "Cancel"} default button "Okay" with icon caution
set theUserName to text returned of theDialogReply
end tell
tell application "netOctopus"
set theWindow to window "Computers"
set theSelection to selection of theWindow
if theSelection exists then
execute PC installer of theSelection server name theServer security domain level user name
"root" user password thePassword executable path thePath executable theExecutable execute
using any drive letter parameter "/b 2 /k \"12341234567\" /n \"" & theUserName & "\"
/o \"AER Inc." /q1"
else
display dialog NoSelectionErr buttons {"Okay"} with icon stop
end if
end tell
In my view, netOctopus would greatly benefit from increased integration with InstallShield, the installer used for 99% of all Windows programs.
Other Administration
In addition to the Mac and WinTel support, netOctopus can also virtually monitor any device on your network via the SNMP add-on. SNMP, which is the network management protocol for most networks, is used to monitor everything from printers, to routers, to databases. SNMP uses agents, which run on the devices and respond to queries, and MIBs, or Management Information Database files, which contain the information the agent uses to determine its capabilities. At its maximum capabilities, an SNMP monitor can receive and send messages, or traps, to SNMP agents and devices on the network. These traps can be used to get information, or tell a device to shut down, restart, etc. depending on the MIB file. netOctopus comes with support for the standard RFC MIB files, and also has support for a number of other MIB files, such as printers, and other Apple specific MIB information. Although netOctopus doesn't directly use conventional MIB files, (an omission I hope is fixed in the next version), Netopia has set up an email address for you to send MIB files to, where they are compiled, into netOctopus modules, and mailed back to you. (Releasing the compiler would be a handy step as well.)
Once the MIB modules are installed, netOctopus can send out requests for information, and display the results. The handy printer MIBs, allow you to query the printer and see if it has an error condition, such as a paper jam, etc. With the advent of TCP/IP printing, the ability of the printer to notify you of an error has been lost somewhat, so this is a nice way for an admin to make up for this loss. Unfortunately, netOctopus has to initiate the SNMP requests, so if a router is having problems, it can't send a trap to the netOctopus administrator, it has to wait until it is queried by netOctopus. This is a big part of SNMP-based management, and is a large, although not critical lack of ability on netOctopus's part. The folks at Netopia have told me that they are working hard on adding trap support to netOctopus, which would then put it on a par with other management packages.
Conclusion
netOctopus isn't perfect, and could use more complete SNMP support, direct MIB support, and better installer support for Windows applications netOctopus does perform other tasks extremely well, so the overall impression is extremely positive. I endorse this package with the highest recommendations . In the end, I give it these thanks: With netOctopus the number of days I don't work late has dramatically increased, and for a Network Admin, that's the highest praise of all.
John Welch <jwelch@aer.com> is the Mac and PC Administrator for AER Inc., a weather and atmospheric science company in Cambridge, Mass. He has over fifteen years of experience at making computers work. His specialty is figuring out ways to make the Mac do what nobody thinks it can.