GSX Blog

Beyond native IronPort 9.5 monitoring capabilities

Posted by Pavan Reddy on Thu, May 12, 2016


ironport_blog-1.pngCisco’s IronPort acts as a critical part of the messaging environment, so having visibility into the status of its health and usage is a must for businesses. If your IronPort fails, the entire email flow in your company shuts down, and nobody will be able to send or receive emails.

 Fortunately, IronPort is a relatively robust system, so it shouldn’t completely crash on a regular basis. However, it is far more likely that you will experience issues in global email performance and quality of service due to performance and health issues. In many cases, users will begin to complain of a degradation in service involving issues with their email delivery.

Without the proper monitoring tool, it can be extremely difficult to pinpoint the root cause. The IronPort monitoring market is limited, however. Cisco provides IronPort with its own built-in tool, but it is expensive and, as we will demonstrate, insufficient in providing you with all the information you need to stay on top of IronPort.

 System Resources

While IronPort’s built-in monitoring will provide basic information on CPU and memory usage, there’s absolutely no ability to analyze trends over time. GSX provides both live monitoring and reporting for CPU and memory utilization, with up to 3000 data points. Multiple key performance indicators are critical to tracking IronPort health, and ensure that it is not being overloaded. This includes CPU and RAM usage, Disk IOs, Queue Utilization and Availability Status, and Mail Transfer Threads.

 Email Processing

Real-time visibility into IronPort email processing is necessary to help detect abnormal usage or even an attack on the infrastructure from within or outside your company.

 The only alert IronPort can provide is on the Maximum Messages in Work Queue counter. If you’re an admin, you can run many different commands in the CLI to access queue information, but obviously it’s terribly inefficient to have to manually run separate commands every time you need to understand what’s going on with your mail delivery system.

 GSX for IronPort allows you to have full visibility into key counters without having to run a single command. We fetch all the counters for you and present them on a single display. You can also view this information in graphical format to better analyze and identify trends, and make troubleshooting far easier.

 By tracking the ingoing and outgoing SMTP connections, total active recipients, message failure indicators, and more, you can ensure that any issues with email processing won’t affect the health of your global messaging environment. This includes key spam indicator metrics (dropped messages, soft and hard bounces, etc.) that can cause serious problems for your company. Being on top of these indicators will help you avoid inadvertently having your company flagged as a spammer, which will block your messages from being delivered.

 DNS

Analyzing the health of the cache will give you better insight into any IronPort resource, network, or spam issues. It is useful for proactive management of the IronPort health. By ensuring that the number of cache-pending DNS requests is low and the ratio of cache hits to cache misses remains constant, you can actively detect and prevent service degradation.

 IronPort itself cannot alert you to any DNS cache issues. This information is visible through the web interface, but in order to get accurate results, an admin has to once again run commands manually through the CLI.

 GSX, in contrast, will full monitor IronPort and immediately alert you to any DNS cache issues. GSX allows you to configure thresholds on both DNS cache and network requests. Using our graphs, you can analyze trends and optimize these thresholds.

 License Management

It’s important to know the accurate status of all IronPort licenses in real-time. If one or more of your licenses expires, critical features can be deactivated that jeopardize email security. Without a comprehensive monitoring tool, you won’t be made aware of these issues, because the IronPort itself will appear to be functioning normally.

 Currently, IronPort does not offer any capabilities for license monitoring. GSX, on the other hand, will alert you in case a license for an IronPort appliance is about to expire. This enables you to proactively monitor and renew licenses to avoid major email outages, as well as identify and save money on unused licenses.

 Overall Advantages of GSX Monitoring for IronPort

 Multi-platform, real-time, centralized dashboard that can be shared across multiple teams relying directly on IronPort performance and health

  • Proactive end-to-end IronPort monitoring using end user scenarios with critical performance counters
  • Easy troubleshooting
  • Reduce MTTR and help desk calls
  • Customizable to your needs
  • Alerts and dynamic reporting capabilities

To access the IronPort Monitoring White Paper, click here

Baniere-mailWPironPort.png

Tags: IronPort, Network, Antispam, Antivirus, Monitoring IronPort, Email Security