As administrators provision new servers and virtual machines (VMs), either in the cloud or on-premise, every additional server must be monitored for health and security to ensure the safety and performance of the network. Monitoring becomes more important as administrators keep adding servers to the network, because each of these servers must be maintained, patched, and eventually retired. Without server monitoring, administrators would be unaware of issues such as resource exhaustion (e.g., low storage or spikes in CPU utilization) or possible security breaches. Server monitoring collects data and statistics from servers and their logs and provides administrators with the information they need to make informed decisions about server support.
Why is server monitoring important?
Servers are critical components of a network. They perform authentication, authorization, security, and network functions, store data, and provide a platform for applications to run. The health and security of these network components are critical for business productivity. Depending on the function of the server, a compromised server could allow an attacker to exfiltrate sensitive data about customers and employees. The same critical server could affect organizational productivity if it crashes. Monitoring gives administrators the information they need to be proactive about cybersecurity and about hardware and software maintenance.
Server monitoring can help administrators track:
Accessibility: for example, pinging the server confirms that it is powered on and responding, so users can connect to the server and use its resources.
CPU and memory usage: ensure that the server has enough CPU power and RAM installed to process requests. If resource usage spikes, performance can drop.
Performance: if servers do not respond quickly, it could create lag in critical applications and response time will increase.
Low storage capacity: servers that store data must be monitored for low storage, because running out of space can cause unpredictable failures.
Processes: if a background process fails, either at random or during a server reboot, the server may no longer execute requested functions. For example, if the process that runs web services fails, the server may no longer respond to web requests.
Security: monitoring authentication attempts—both failed and successful—can alert administrators to a potential compromise.
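The list above ends with two checks that are easy to automate: comparing resource metrics against thresholds and watching authentication logs for bursts of failures. The following is an added example written for this article, not code from any monitoring product. The log lines, host name and addresses are constructed for the demo, and the thresholds (85/90/90 percent, five failures in five minutes) are assumed values an administrator would tune for their environment.

```python
"""Added example: threshold checks on resource metrics and detection of failed-login
bursts in sshd-style log lines. Not code from any product or from the article's author."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in syslog/sshd format (documentation addresses only).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:00:03 web01 sshd[1203]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar  3 10:00:05 web01 sshd[1205]: Failed password for root from 198.51.100.7 port 51026 ssh2
Mar  3 10:00:09 web01 sshd[1207]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar  3 10:00:12 web01 sshd[1209]: Accepted publickey for deploy from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:20 web01 sshd[1211]: Failed password for root from 198.51.100.7 port 51040 ssh2
Mar  3 10:07:40 web01 sshd[1300]: Failed password for alice from 203.0.113.9 port 40200 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip), or None for lines that are not sshd auth events.
    Syslog lines carry no year, so one is assumed (2024 here)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def failed_login_bursts(log_text, threshold=5, window_seconds=300):
    """Return {ip: peak_failure_count} for source IPs that reached `threshold` failed
    logins inside any sliding window of `window_seconds`. Successful logins are ignored."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the current window
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "Failed":
            continue
        ts, _, _, ip = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


# Assumed thresholds; an administrator would tune these per server role.
RESOURCE_LIMITS = {"cpu_percent": 85, "mem_percent": 90, "disk_used_percent": 90}


def resource_alerts(metrics, limits=RESOURCE_LIMITS):
    """Compare one metrics sample (e.g. from an agent) against thresholds and return
    one alert string per breached limit, in the order the limits are defined."""
    alerts = []
    for name, limit in limits.items():
        value = metrics.get(name)
        if value is not None and value >= limit:
            alerts.append(f"{name}={value} exceeds {limit}")
    return alerts


if __name__ == "__main__":
    print("failed-login bursts:", failed_login_bursts(SAMPLE_AUTH_LOG))
    print("resource alerts:", resource_alerts({"cpu_percent": 92, "mem_percent": 70, "disk_used_percent": 96}))
```

The sliding window matters: counting failures per hour would miss a short burst or flag slow, legitimate typos, whereas a window anchored on each new failure catches five attempts in nineteen seconds from one address while leaving the single failure from the second address alone.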
How does server monitoring work?
The way server monitoring works depends on the application and service used to collect data from the server. Server events can be logged and aggregated so that a central application can parse and read information. This workflow is especially useful for environments that contain several servers and other network appliances.
Server monitoring provides administrators with several functions. Here are some functions your monitoring tools should provide:
Track specific resources: you will likely track basic resource usage across all servers, but some servers also warrant tracking specific resources based on their function. For example, you might want to track query performance on a database server or specific web services on a web application server.
Monitor changes to server configurations: unexpected changes to server configurations can indicate a compromise. Monitoring changes could help contain a threat before it can be used to steal large amounts of data.
Work with aggregated logs: in a large environment, it’s possible to have dozens of servers executing different functions. Each server generates its own logged events, which can then be aggregated in one location. A logging and/or monitoring tool that reads and analyzes data should be able to pull from several logs across numerous storage locations.
Set up alerts: should any anomalies be found, a monitoring tool should be configurable to send alerts to administrators. Alerts can be sent by email or through a tool like PagerDuty or Slack, but they must reach, without delay, administrators who can investigate the issue further.
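Configuration-change monitoring and alerting, as listed above, can be combined into one cycle: take a hash baseline of the watched files at a known-good point, re-hash them later, and turn every difference into an alert handed to whatever notifier is configured. The block below is an added example written for this article, not code from any monitoring tool. The watched file names, their contents and the host name "web01" are constructed for the demo, and the notifier is a plain callable standing in for an email, PagerDuty or Slack integration.

```python
"""Added example: configuration-change detection via a SHA-256 baseline, with alert
routing to pluggable notifiers. Not code from any product or from the article's author."""
import hashlib
import json
import os
import tempfile


def fingerprint(contents):
    """Map each file path to the SHA-256 hex digest of its bytes."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in contents.items()}


def read_files(paths):
    """Read the watched files that currently exist; missing files are absent from the result,
    which is how a deleted file shows up as 'removed' in the diff."""
    out = {}
    for p in paths:
        if os.path.isfile(p):
            with open(p, "rb") as fh:
                out[p] = fh.read()
    return out


def diff_baseline(baseline, current):
    """Classify each watched path as added, removed or modified relative to the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
    }


def alerts_for(diff, host):
    """Turn a diff into one alert record per changed path."""
    return [
        {"host": host, "severity": "high", "change": kind, "path": path}
        for kind in ("modified", "removed", "added")
        for path in diff[kind]
    ]


def dispatch(alerts, notifiers):
    """Send every alert, serialised as JSON, to every notifier callable.
    Returns the number of deliveries made."""
    sent = 0
    for alert in alerts:
        payload = json.dumps(alert, sort_keys=True)
        for notify in notifiers:
            notify(payload)
            sent += 1
    return sent


def demo():
    """One monitoring cycle on constructed config files in a temporary directory:
    returns (diff with basenames only, number of alerts delivered)."""
    with tempfile.TemporaryDirectory() as d:
        sshd = os.path.join(d, "sshd_config")
        sudoers = os.path.join(d, "sudoers")
        crontab = os.path.join(d, "crontab")
        with open(sshd, "w") as fh:
            fh.write("PermitRootLogin no\n")
        with open(sudoers, "w") as fh:
            fh.write("%admin ALL=(ALL) ALL\n")
        watched = [sshd, sudoers, crontab]           # crontab does not exist yet
        baseline = fingerprint(read_files(watched))  # taken at a known-good point

        # Later cycle: one file edited, one deleted, one new file appears.
        with open(sshd, "w") as fh:
            fh.write("PermitRootLogin yes\n")
        os.remove(sudoers)
        with open(crontab, "w") as fh:
            fh.write("0 2 * * * /usr/local/bin/backup\n")

        diff = diff_baseline(baseline, fingerprint(read_files(watched)))
        delivered = []                               # stand-in notifier: collect payloads
        count = dispatch(alerts_for(diff, "web01"), [delivered.append])
        return {k: [os.path.basename(p) for p in v] for k, v in diff.items()}, count


if __name__ == "__main__":
    print(demo())
```

Storing the baseline on the monitored host defeats the purpose: if an attacker can edit sshd_config they can also re-hash it. The baseline and the comparison belong on the central monitoring system that pulls the aggregated data.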
Internally, the organization should have the right documentation and procedures in place to respond to alerts and monitoring anomalies. In large environments, the organization could have a network operations center (NOC) or security operations center (SOC) where analysts review and monitor output from monitoring tools. If there is no dedicated team responsible for reading data, the organization must rely on alerts sent from tools to the appropriate server administrators. Some tools assist administrators with the necessary next steps to respond to an alert, but it’s still the responsibility of administrators and other network staff to determine the next best steps.
What type of servers can be monitored?
Monitoring tools can be used on any server including those provisioned in the cloud. Cloud providers have their own monitoring tools, but they may not fit the needs of an organization. Fortunately, many third-party tools are available that can monitor the entire environment including cloud servers.
Server monitoring can be performed on:
Web servers: web servers run any number of applications available either on the public Internet or internally. Generally, web servers offer services on port 80 (HTTP) and port 443 (HTTPS), but they could be hosting other applications available to employees or Internet users. Monitoring tools can track the web server’s performance, uptime, hosting processes, CPU and memory usage, and unusual traffic patterns.
Application servers: servers often host applications available to employees or other users. For example, you might run a database on a server, and this application is available to your web application as well as internal employee desktop tools. Monitoring uptime on this server ensures that the web application stays functional.
Network servers: a standard TCP/IP network uses several protocols and services running on servers. For example, a DNS (Domain Name System) server resolves friendly names to IP addresses, and a DHCP (Dynamic Host Configuration Protocol) server assigns IP addresses to network resources. If these services fail, it could stop productivity on the network. Monitoring uptime and performance on these servers ensures that critical network functions are operational.
File storage servers: the main purpose for file servers is to store data. Should storage space run out, it could affect productivity and any applications using the server to save data. Monitoring tools can ensure that there is plenty of storage space.
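For web, application and network servers alike, the most basic uptime check is whether the service port still accepts connections. The following added example, written for this article and not taken from any product, runs such a check against a list of named services. Rather than contacting a real server, its demo starts a listener on the local loopback interface and also probes a loopback port on which nothing listens, so the "up" and "down" outcomes are reproducible offline; the service names and ports are constructed.

```python
"""Added example: TCP reachability checks for named services, the building block of an
uptime monitor. Not code from any product or from the article's author."""
import socket


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within `timeout` seconds.
    Connection refused, unreachable host and timeout all count as 'down'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_services(services, timeout=2.0):
    """services: iterable of (name, host, port). Returns {name: 'up' | 'down'}."""
    return {
        name: ("up" if tcp_reachable(host, port, timeout) else "down")
        for name, host, port in services
    }


def demo():
    """Constructed setup: one local listener (reports 'up') and one released port
    with no listener (reports 'down'). Runs entirely on 127.0.0.1."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)                   # the handshake completes from the backlog, no accept() needed
    up_port = listener.getsockname()[1]

    probe = socket.socket()              # obtain a free port, then release it so nothing listens there
    probe.bind(("127.0.0.1", 0))
    down_port = probe.getsockname()[1]
    probe.close()

    try:
        return check_services(
            [("web", "127.0.0.1", up_port), ("db", "127.0.0.1", down_port)], timeout=1.0
        )
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A successful TCP connect shows only that something is listening; a web server that accepts connections but returns errors, or a DNS server that answers nothing, still needs a protocol-level check on top of this one.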