Operations Monitoring Software

The software packages discussed in this article are Big Brother, Microsoft Systems Center Operations Manager, and Zabbix. All three are monitoring tools geared toward making it easy to establish system status, ideally making a check of your network and infrastructure as easy as clicking a button.

Big Brother

Big Brother is commercial software produced by Quest Software. It performs agent-based and agentless monitoring, and will run on Windows and *nix platforms, testing all systems every 5 minutes.


Interaction with Big Brother is web-based, consisting primarily of a website that shows one of six symbols for each host, indicating its status: OK, attention needed, trouble, no report, unavailable, or offline. The display itself is easy to read: green is good, red is bad. An example of the Big Brother overview screen can be seen here. Graphs of system status are fairly easy to access, simply by clicking the notification indicator concerned. However, further graphs are non-configurable, consisting of a static selection of averages. A unique and very useful screen that Big Brother displays is an event-changed screen, which shows indicators that have changed recently, and what their status was previously. An example can be seen here.

Monitoring protocols and configurability

Big Brother will monitor most common protocols such as IMAP, HTTP, FTP, and SSH. For communication with its agents, it uses a proprietary protocol directed over port 1984. Agents are assigned to monitor client machines' health status, with metrics like disk space, processor usage, and system Event Logs. A significant user community has contributed agents to monitor a variety of different services and metrics.


BB4 has a fairly robust system for notifications via all the common channels: paging, SMS, e-mails, and SNMP.


Since most of Big Brother's charts are generated automatically, the responsiveness of the interface tends to be a bit quicker. However, since these charts are being generated automatically on a scheduled basis, this does lead to more processing overhead. Big Brother checks in with all monitored devices every 5 minutes, which will cause a regular spike in traffic on the network.

Microsoft Systems Center Operations Manager

Microsoft SCOM is the newest version of Microsoft Operations Manager. The primary selling point of SCOM is integration with Exchange, Active Directory, and SQL Server from the ground up.

Monitoring protocols and configurability

Microsoft SCOM monitors most common protocols, with a particular emphasis on measuring Microsoft services like Exchange and Active Directory. Additionally, SCOM allows for centralized monitoring of crash information for client machines. While SCOM isn't as focused on monitoring networking equipment and other SNMP devices (Microsoft uses EMC Smarts for that purpose on their own network), SCOM is capable of monitoring them.

Management packs

Monitoring is accomplished primarily by the use of Management Packs, which can be downloaded from a central catalog on Microsoft's site. Beyond the realm of Microsoft products, Microsoft relies on product vendors to integrate their products with SCOM by creating their own Management Packs. These Management Packs can come in two forms: sealed and unsealed. Sealed Management Packs are un-editable and can only have minor tweaks made through "overrides", while unsealed Management Packs allow for customization.


SCOM dispenses notifications with monitoring thresholds and workflows. As an issue escalates in importance, different workflows designed to mitigate the problem are engaged, and increasing levels of notification are sent off by e-mail, pager, etc.


Zabbix

Zabbix is an open source product that has a significant amount of community support. In addition to community contributions, the software is maintained and developed by the Zabbix team, which sells support for the product to generate revenue and fund further development.


The interface for Zabbix is also web-based, consisting of a web page that allows easy assessment of the monitored systems. The initial-glance page isn't quite as intuitive as BB4, but it is easier to find out more in-depth information about each of the systems and metrics monitored. Additionally, monitoring graphs are rather granular in the information displayed. It is easy to switch between viewing network traffic patterns for the past hour, past week, and past month, and then switch to viewing server load for the same time period. An example of the Zabbix overview screen can be seen here.

Monitoring protocols and configurability

Zabbix will monitor virtually any protocol, including IMAP, HTTP, FTP, SSH, and Windows Event Logs. Frequency of updates is configurable. A strength of Zabbix is that, with proper know-how, just about anything can be monitored and displayed for easy historical trend analysis. It is most likely the most flexible of the three options presented here, presenting an incomparable richness of information. However, this does come at the price of a learning curve. The Zabbix community is large and helpful, and the paid support is quick, but a bit less mature than the support force behind Big Brother.


Since Zabbix's graphs are generated at user request, responsiveness can be a bit slow as the server generates and displays the graph on the requested page. However, this does mean lower processing overhead for the server, since it doesn't generate graphs that aren't viewed. Due to the sheer volume of inputs, Zabbix can run slower than Big Brother, but in most deployments it is fairly lightweight and well suited to virtualization.


Zabbix can be deployed almost instantly for test or production, thanks to the creation of virtual appliances that will run in the free VMware Player or VMware Server. The server could be deployed for testing, and if it seems like the right solution, support could be purchased and the shift from test software to production system could be made very quickly.

System requirements by product

Product        Disk Space    RAM      Processor
Big Brother    ---           ---      ---
SCOM (1)       5GB           1GB      1.8GHz
Zabbix         100MB         256MB    1.3GHz

(1) Microsoft SCOM's architecture is best suited to a multiple-server architecture. All components can be run on the same server, but this is not recommended. If multiple components of SCOM are being combined onto one server, more robust configurations are suggested.

Date Posted: April 16, 2013 Tags: Technical Info, Provider Resource, Wireless
