NetVision
Integrated Security Policy Management System
UC Davis Health System uses Integrated Security Policy Management System and Novell eDirectory™ for real time event and policy management across multiple platforms.

"One of the real concerns for us is stopping unauthorized network activity and ensuring that authorized activity follows established policies. We will use the NetVision* Integrated Security Policy Management System to get an accurate picture of all activity and automate policy enforcement."

Anthony Riles
Programmer V
UC Davis Health System

background
Founded in 1996, NetVision, Inc. is a leading provider of software that increases network security and reduces the cost of managing large networks. A Novell DeveloperNet® Advantage Partner, NetVision has successfully established its leadership role and independent position in the growing directory integration and security monitoring market.
situation before NetVision solution
The UC Davis Health System consists of the University of California, Davis School of Medicine, the UC Davis Medical Center, and the UC Davis Medical Group—a collection of primary care physicians and specialists spread over 17 locations across northern California.

When a large enterprise network begins running into trouble, finding the problem can be a challenge. With unique configurations and idiosyncrasies from multiple environments, a variety of management tools, and thousands of users, the source of a network problem can be extremely difficult to pinpoint. In many cases, IT staff are taxed to the limit in investigating and repairing problems, often at the expense of day-to-day maintenance and end-user satisfaction.

At the UC Davis Health System, Anthony Riles—Programmer V and a member of the team responsible for the large heterogeneous system—faced just such a dilemma. “At the School of Medicine and Medical Center, our enterprise consists of Novell NetWare®, Windows NT*/2000, AIX, and mainframes serving about 4,500 client PCs,” said Riles. “With a network this large and complex, management is a major undertaking.”

UC Davis Health System faces several enterprise management challenges: namely, change detection, directory synchronization, and security. While all three functions can be performed individually on each system using a variety of tools, no single tool provided a common interface to monitor enterprise activity and enforce policy.

“Earlier this year we had a problem with directories just disappearing,” said Riles. “We could check through our administration tools and see that it was gone, but had no way of logging activity and tracking when it disappeared, why, and who did it. We needed a way to track and log changes on the entire network—not only in NDS® (Novell eDirectory), but also Active Directory*, and NT.”

situation after NetVision solution
Based on NetVision’s Global Event Services (GES) technology, the NetVision Integrated Security Policy Management System includes NetVision’s NVIdentity (formerly called Synchronicity*) technology, integrated with its NVMonitor (formerly DirectoryAlert* and ServerAlert*) products. The solution also now includes NVAssess for vulnerability scanning & remediation, and NVPolicy Resource Center for security policy research, development and deployment. Combined, they offer a powerful, real-time tool for cross-platform policy enforcement and advanced auditing and reporting.

Leveraging the power and extensibility of Novell eDirectory, GES stores event information as NDS event objects that are distributed automatically throughout the network. When an event is triggered, all registered network clients receive the event and any associated data.

NVMonitor for eDirectory and NVMonitor for NetWare not only detect and report policy violations, but with Visual Basic* scripting they can also automatically perform any administrator-determined action. For example, after detecting a violation, NVMonitor can notify (or educate) the user of the policy and violation and perform pre-scripted actions to correct or reverse the action. NetVision is helping UC Davis Health System develop a script to perform corrective activities immediately upon detection of a critical directory change, such as an unauthorized deletion. “Once we have the corrective script in place, we’ll develop specific policies that, when combined with the action, will help ensure that we never lose another directory,” said Riles.

NVIdentity leverages Novell eDirectory to perform bi-directional password synchronization among eDirectory, Active Directory, Windows NT, iPlanet*/Sun* ONE, Microsoft Exchange*, Lotus Notes*/Domino*, NetWare 3, and GroupWise®. “It’s difficult and inconvenient to administer a password in NetWare and then duplicate the action in Active Directory*. The NVIdentity component of the NetVision System automates that process for us,” said Riles.

“In health care—specifically with the Health Insurance Portability and Accountability Act (HIPAA)—patient confidentiality is the bottom line,” observed Riles. “We have a security committee that deals with all our policy issues, including HIPAA compliance. It’s up to my department to enforce and implement those policies. One of the real concerns for us is stopping unauthorized network activity and ensuring that authorized activity follows established policies. We will use the NetVision Integrated Security Policy Management System to get an accurate picture of all activity and automate policy enforcement.”

conclusion
With its directory-enabled and policy-based security scheme, NetVision’s Policy Management System lowers the cost of security management while increasing the strength of enterprise-wide security. As Todd Lawson, current president, CEO, and one of NetVision’s founders, noted, “We knew if we leveraged our relationship with Novell’s developer network, combined with the unique expertise we had internally, we could develop elegant, superior architecture that would result in products offering real added value in heterogeneous network environments. Together, Novell and NetVision are making network computing secure and cost-effective for our customers, including UC Davis Health System.”

UC Davis Health System has successfully implemented NetVision’s Policy Management System and is focused on making the transition to a real-time, policy-driven network environment. “Our ultimate goal is real-time monitoring of our enterprise and proactive enforcement of policies,” concludes Riles. “For an IT department, the real benefit comes as we use tools to automate tasks that previously were duplicated on each environment. We have the policies in place, but now are well on the path towards establishing automated control over the enforcement of those policies.”

for more information
NetVision
http://www.netvision.com
©Copyright 2003, Novell Inc. All rights reserved. Novell, the Novell logo, NetWare, GroupWise, NDS, and DeveloperNet are registered trademarks and eDirectory is a trademark of Novell, Inc. in the United States and other countries.

*All other marks are the properties of their respective holders.