CA NetMaster Network Management for TCP/IP Review

We are able to look at packet traces, at SSH handshakes for the key certificates, and at protocols that are transferring over the wire before it leaves the mainframe.


Video Review:

What is most valuable?

The most valuable features are tracing, SmartTrace; being able to look at packet traces; looking at SSH handshakes for the key certificates, as well as looking at protocols that are transferring over the wire before it leaves the mainframe.

How has it helped my organization?

It is fast getting work done over to banks. It's important to understand what the communication protocols are and get them fixed.

There are a lot of banks that had to be converted from FTP to SFTP, and there were all sorts of things that were issues while doing the conversion. Using the trace function was able to help alleviate certificate key problems very quickly.

What needs improvement?

What was mentioned at a recent CA conference was NetMaster's getting tied in with the whole new infrastructure with the analytics. That would be great to get that over to z/Linux, to see if there are tools that could do the understanding of how the network is working, and if it could be shifted off. For instance, I'd like to be able to see week-in, week-out what's happening with SFTP traffic. There are a few metrics that could be followed, and you could actually see in real time, with some threshold monitoring, with the new product feature that they had, with the metrics that were being put into the analytical phase.

A few months ago a java app making web services calls to the mainframe didn't "work". App developer blamed the majnframe. I traced the connection (port & source ip) in netmaster. Saw a SYN, SYN, ACK then nothing else. I told him he needed a network person to fix the problem. He wouldn't believe it. After telling him there was nothing more I could do, he got the network guru. Long story short - the skinny protocol (for voice) was turned on several routers. It used the same port as the listener on z for web services. The router let through the startup of the connection but skinny then dropped the data packets.
This would have been hard to troubleshoot without being able to see the trace and proving beyond doubt it was not a problem on z.

Seeing the handshake during ssl connections was also used to verify proper use of algorithms with remote vendor clients.


For how long have I used the solution?

I have been using it for seven years.

What do I think about the stability of the solution?

There are so many different functions that it has. I didn't think the SNMP function, was easy to set up. That caused some problems with the address space. It didn't bring it down, but there were issues with just getting the functionality to work, along with getting the correct ACF2 resource access permission set up. That was difficult. It was workable, but it took considerable more time to do than I thought.

Stability-wise, the whole product runs great, especially with the automation. That's where it really shines.

What do I think about the scalability of the solution?

With being able to scale out, no matter how many resources you add to it, the resources are definitely well-managed and controlled in a great way.

I thought one of the weaknesses was the ISR functionality between multiple LPARs, and being able to have a control point in just one. Doing that link, it's a one-offer product. You have to understand how ISR links work. It's nothing like you've ever used before.

It has scalability, but you're never going to be able to transfer that technology on how you set it up and configure it to any other products. It's scalable, but not the best way that it could have been implemented.

How is customer service and technical support?

There were three people that were on the line, that you could get the response from when opening tickets. All three do a great job. All three were prior users of the product. When it came to after hours, it seemed like the only people that really were accessible were the US team. Over in China, or a third shift for US, they really didn't have anybody. There was somebody over in the UK, so if it was early-morning hours, it was OK, but there was a little bit of a hole in the support side, actually, from the second shift, with the global following, over in the Asia-Pacific time frame.

How was the initial setup?

There are three different FMIDs: for the main product/automation, for TCP, and for SNA. Then there's more than that; there are more FMIDs. The individual setups were much easier done with Chorus. When it was done before Chorus, it was much more difficult. There's a lot of VSAM that has to be set up. The sizing of it became a bit of a problem for the IP lock; being able to capture the IP data that you want. There are a lot of variables that had to be considered. It was not one of the easier configurations that I actually had to do. You needed a lot of post-customization after the product was running; collecting data in order to get really a good working solution. Things in the manual didn't cover a lot of things that were really needed for sizing efforts.

Which other solutions did I evaluate?

NetView cost too much money. There was only really serious consideration among two products, and the cost of NetView was more than could be stomached.

For me, the most important criteria when selecting a vendor is the automation component. I want to see what the support team, that is, the post-sales, and in this case, it was actually a pre-sales person that was actually the most knowledgeable on how to do the automation functionality, and specifically with NCLs; how to create and get the NCLs to work, so that the NCL could do automated control of the network.
That was really important for us to be able to operate an SNA structure, so that, if there was an SNA failure, that you would have the automation be able to recover that node in time, because there was a lot of processing going on with banks, specifically with CICS having some sockets, as well as WebSphere. Having a person that knew the NCL capability was really important for me.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email