TNT Software

100% Developed & Supported in the state of Washington, U.S.A.

May 2007 Newsletter

May 1, 2007 Volume 2, Number 9

In This Issue

·     New stuff at TNT Software

·     ELM Monitors Virtual Machines

·    Monitoring PKI (Public Key Infrastructure)

·    Monitoring for Portable Media Devices

·    NOT Strictly Business

Check us out!

TNTSoftware.com

FREE - Try us for 30 days

Compare Products

Popular TNT Links

Sarbanes Oxley Information

Security

What's New?

Government pages

Read more…

Testimonials

"I don't see how anyone can run Windows machines without ELM. It's like watching TV without TIVO."

Case Studies

See how companies worldwide are using ELM to proactively manage their environments

Contact Us

2001 Main Street
Vancouver, Washington 98660

Phone: 360.546.0878

Fax: 360.546.5017

Toll-Free: 877.546.0878

http://www.tntsoftware.com/

Email TNT Software

New Stuff at TNT Software


Help us win again!

You made us a Readers Choice winner in last year's Windows IT Pro competition. Please help us win again!

This year the competition has evolved into the 2007 Windows IT Pro Community Choice Awards. The nominees are selected by inclusion in a Windows IT Pro review, so we're doubly honored to be included.

The folks at Windows IT Pro have made it easier this year. All you have to do is go here, log on or register, and select TNT Software (ELM Enterprise Manager).

To make it even more fun for all of us, they have a "Show Results" button so that you can see how the voting is going.

Let's make TNT Software the number one choice! We thank you for your support.

A controlled beta version of ELM 5.0 went to Florida last month - Many new features!

  • Custom reports
  • Event log file management
  • Rapid deployment
  • Archive database management
  • Configuration updates

...and more!

We'll see you at TechEd in Orlando in June.

Be sure to stop by booth 947 to say hello.

ELM Monitors Virtual Machines


Since Microsoft has restructured its licensing terms, Virtual Server and Virtual PC 2007 are now free for qualified customers. Those running Windows 2003 R2 Enterprise Edition can run up to four virtual instances on one physical server, and those running Windows 2003 Datacenter Edition can run an unlimited number of VM. The potential savings for the IT center is enormous.

Management of these VMs is a relatively new topic. To simplify their management, it is best to think of each VM as if it were a separate physical machine. To ELM, that means each VM must be monitored with its own agent. Is this difficult to set up?

No. An Agent can be created for any VM through the Agent Wizard. When asked to enter the Agent name, enter the NetBIOS name, host name, IP address or fully-qualified domain name for the VM. Alternatively, the Browse button can be used to browse a network and select the system.

In other words, ELM treats a VM as if it were any other server... yet another way ELM's flexibility can help IT Managers improve system availability and security while reducing operating costs!

Monitoring PKI (Public Key Infrastructure)


While the standard logon/password security may be adequate for most businesses, some highly distributed enterprises will use the Windows PKI certification authority to provide network security. Monitoring these keys requires two steps: enabling CA auditing in the OS, and creating an Event View and Event Filters in ELM.

The PKI Operations Guide details setting up CA Auditing. For Windows 2003, that guide is online here.

For ELM, the chapter, "Auditing and Event Management" is of particular interest. It lists the Event IDs used for Certificate Services. Those IDs are used to create the ELM Event Filter.

Creating an Event View to monitor PKI is straightforward:

  • Right-click the Event Views container inside the Results container in the ELM Console. Select New | Event View to open the Event View Wizard.
  • At the Select Include Event Filters dialog, right-click the Description field and select New Event Filter.
  • In the Event Filter Definition dialog, enter the event IDs that have been selected from the CA Audit Event IDs list in the Event ID is: field.
  • Proceed through the wizard using the Next buttons, entering appropriate information where necessary, then click the Finish button to return to the Event View Wizard. The Event Filter just created will now appear in the list and it will be checked.
  • Proceed through the Event View Wizard using the Next buttons, entering an appropriate name and description, and click the Finish button.

ELM is now set up to display CA events in the new Event View. Security for a highly complex system - better with the help of ELM.

Monitoring for Portable Media Devices


Using a WMI Monitor item in ELM Enterprise Manager allows the administrator to query various objects in the WMI Namespace. One useful way to use the WMI monitor is to monitor for the addition of portable media devices such as a USB flash drive or the MP3 player. As the WMI query results change (drive added/removed), the monitor item will trigger its action (i.e., Alert, Event Log Message, etc.). The following query utilizes the 'Win32_DiskDrive' Class in the WMI root\CIMV2 namespace:

SELECT Caption, MediaType FROM Win32_DiskDrive

Note: There are many other fields that can be added to the select query above depending on the information you are interested in.

On an Agent system named ELM-Agent with two SCSI hard drives configured, the following results would be returned when another Device is added.

Warning WMI Monitor - Win32_DiskDrive ELM-Agent

      <+>   Caption = SanDisk Cruzer Mini USB Device
      <+>   MediaType = Removable media other than    floppy

      root\cimv2
      SELECT Caption, MediaType from Win32_DiskDrive

      Caption = SEAGATE ST336753LW SCSI Disk Device
      MediaType = Fixed hard disk media

      Caption = SEAGATE ST336753LW SCSI Disk Device
      MediaType = Fixed hard disk media

      Caption = SanDisk Cruzer Mini USB Device
      MediaType = Removable media other than    floppy

As you can see the <+> indicator is to inform the administrator that this was an additional entry to the query results(Drive Added).

When the removable media is removed from the system the action will be triggered because the query result set will have changed again. This time the visual cue is the <-> like the following:

Warning WMI Monitor - Win32_DiskDrive ELM-Agent

      <->   Caption = SanDisk Cruzer Mini USB Device
      <->   MediaType = Removable media other than    floppy

      root\cimv2
      SELECT Caption, MediaType from Win32_DiskDrive

      Caption = SEAGATE ST336753LW SCSI Disk Device
      MediaType = Fixed hard disk media

      Caption = SEAGATE ST336753LW SCSI Disk Device
      MediaType = Fixed hard disk media

NOT Strictly Business

  • In February 1912, new U.S. football rules were enacted. The playing field was shortened from 110 yards to 100 yards, a touchdown would count for six points instead of five, four downs were allowed instead of three, and the kick-off was moved from midfield to the 40-yard line.
  • No two-cycle engines are allowed in Singapore. The license fee for a new car is small, about $5, but as the vehicle grows older, the fee increases. When the auto reaches 8 years old, it is no longer allowed on the streets. This law has eliminated almost all air pollution in the country.
  • The U.S. interstate highway system requires that 1 mile in every 5 must be straight. These sections can be used as airstrips in a time of war or other emergencies.
  • During World War II, the U.S. Navy's world champion chess player, Reuben Fine, calculated, on the basis of positional probability, where enemy submarines might surface.
  • Robert Redford attended the University of Colorado on a baseball scholarship.
  • If you have three quarters, four dimes, and four pennies, you have $1.19. You also have the largest number of U.S. coins without being able to make one dollar.
  • A local ordinance in Atwoodville, Connecticut prohibits people from playing Scrabble while waiting for a politician to speak.
  • In South America, it would be rude not to ask a man about his wife and children. In most Arab countries, it would be rude to do so.

May 1st in History

1707 - Scotland and England were joined together under the name of Great Britain.
1883 - Buffalo Bill (William F. Cody) staged his first Wild West Show.
1886 - A national coalition of labor groups started a strike in favor of the eight-hour work day. In Chicago on May 4, 1886, workers and police clashed, in what became known as the "Haymarket riot." May 1st is celebrated in most countries in the world as the International Workers' Day.
1931 - The Empire State Building officially opened in New York City.
1950 - Richard Rodgers, Oscar Hammerstein, and Joshua Logan won the Pulitzer Prize for their musical South Pacific.
1971 - The train company Amtrak began to operate and offer passenger service throughout the United States.

Born on May 1st:

1672 Joseph Addison essayist d: 1719
1881 Pierre Teilhard de Chardin French Jesuit author, paleontologist d: 1955 1919 Harry Caray [Carabini] sportscaster d: 1998
1923 Joseph Heller writer d: 1999
1939 Judy Collins singer
1960 Steve Cauthen horse jockey, Triple Crown Winner
1967 Tim McGraw country singer