Published 14th May 2008 by David Wiseman
Auditing access to your servers with ObserveIT
Many companies invest a fortune to protect their networks, servers, applications
and information. Such protection is usually targeted at controlling who can access
the network and servers, what they can do with information and services once they
gain access to these servers, and in preventing malicious users from causing damage.
Other efforts concentrate on prevention of hardware failures and maintaining high
availability for mission critical applications and services.
However, all these technologies lack one basic feature: they don’t always protect
us from one of the most common causes of failure - human error. The question “who
changed what and when?” is often asked when an application or server starts misbehaving,
and, unfortunately, it usually goes unanswered. To get satisfactory answers one needs
to go through a painstaking troubleshooting process, and even then, a simple question
such as “who did it?” remains unanswered. It would be really good
if you could see who logged onto the server, which applications were accessed and
what settings were changed. This is where ObserveIT (www.observeit-sys.com)
software comes into play.
ObserveIT acts like a video surveillance system for your servers, recording what
people are doing when they are accessing your servers. However, unlike a video camera
that captures “dummy” videos that you must slowly review minute by minute in order
to see if anything was done on the server, ObserveIT actually “knows” what’s seen
on the screen, and indexes that information as metadata that is attached to each
frame in the video. This way, by using a simple-to-use web interface with powerful
searching capabilities, you can easily perform textual searches even within videos,
similar to browsing through chapters of a DVD movie. The web interface gives you
both a server and a user diary. You can track recent activity on a particular server
or you might want to see which servers have been accessed by a particular user and
what applications were used. If you want to investigate further, you can click a
link to display a video of the user’s session. The web interface is also a single
point of administration for the agent software. While evaluating the software I
was amazed to see that by using a single keyboard click you could get crucial information
about where a specific application was accessed, who last touched it, and what that
person did before and after they made that change. No existing software can give
you that sort of control!
The use of this software will almost certainly reduce the downtime associated with
human errors. The knowledge that your every action is being recorded is going to
make people very careful about making configuration changes to servers. Also, when
a configuration change causes a problem, it will be identified and corrected faster
with ObserveIT. Imagine finding out that one of your administrators made a configuration
mistake on one of your servers. Instead of having to wait till the same problem
arises on other servers, or having to manually log on and check hundreds
of servers just to see if the same error has been made on them, with ObserveIT you
can press a keyboard button and immediately see where else the same screen was accessed
by that administrator.
As well as improved accountability, the software also helps reduce downtime by use
of sticky notes – a handy system that can warn people about actions that are likely
to have an impact on your server or application.

ObserveIT does not record at the protocol level, which is why it captures any user
session, including local logon, RDP, Terminal Services, Citrix, VNC and so on.
You might be wondering what resource impact such a system will have on your
monitored servers. The agent software is surprisingly lightweight and you can configure
what the agent records to minimize the impact on your servers. Although it records
everything by default, by using a policy configuration you can choose to record
only specific applications or users, or exclude activity from certain applications
or users. The software doesn’t record anything unless a user is actively using the
system – idle time is not recorded. The company has obviously put a lot of thought
into the resource use and the scalability of their system.
To get a better idea of how the software works, you might want to take a look at
this video link. Like any good software company, ObserveIT allows you to try before
you buy – download it and see how good it is yourself! Installation is done with just
a few mouse clicks, and has no performance impact on existing servers or on your
network.