How Network-Enabled Devices Escape Your Attention: Don't Leave UPS, HVAC, and CCTV Cameras Blind and Powerless
Paessler Editorial Team
Aug 2, 2017 • 6 min read
Enterprises monitor most network-enabled devices by design. However, some devices come with networking protocols such as SNMP (Simple Network Management Protocol) disabled by default for security reasons. Some systems such as UPS (Uninterruptible Power Supplies), HVAC (Heating, Ventilation, and Air Conditioning), Physical Access Control Systems, and CCTV (Closed Circuit TV) cameras have traditionally fallen under the purview of groups such as facilities, operations, or physical security. IT may not have direct access to or oversight of these systems.
Where electrical engineers are responsible for UPS systems and power distribution, for example, it may not occur to them that they should involve IT. They probably aren’t familiar with TCP/IP or SNMP and don’t know the benefits of network monitoring. Where an outside security provider is responsible for CCTV cameras, they may have no contact with IT, and the subject of network monitoring may never come up. IT may not know whether they can or should monitor these devices.
The devices above should fall under IT for network monitoring. The degraded function of any of these devices negatively affects IT uptime and security. It’s important to know why IT should monitor these devices and what your options are for doing so.
The Criticality of UPS Systems to IT
The importance of UPS systems and power distribution to network distribution cabinets, and to the datacenter in general, is clear. Where power is at risk, UPS systems keep the datacenter up and so maintain business continuity. A UPS acts as a buffer between IT assets and the unwieldy nature of public utility power.
UPS keeps hardware running in the absence of primary power until devices shut down properly. UPS protects devices against electrical surges and sags that damage components. You can use UPS to determine a pattern for turning ports back on so that you don’t overload servers. Without UPS, systems would go down, and the enterprise would lose critical data, IT workloads/jobs, and hardware. Downtime and data loss would cost the company time, money, person hours, and profits.
Monitoring IP-Enabled UPS Systems
Most UPS vendors such as APC, Eaton, and Emerson offer IP-Enabled UPS Systems that support network-based monitoring using SNMP. PRTG Hardware Sensors and Custom Sensors enable you to achieve robust monitoring with the SNMP protocol. IP-Enabled UPS systems are compatible with SNMP v1 through v3.
IP-Enabled UPS systems support monitoring and reporting on various metrics. Parameters include current, input/output voltage, and battery status indicators such as the state of charge and temperature on a per socket/port basis that can signal deteriorating performance and overheating batteries.
UPS systems can alert IT when the system switches to battery power, when you overload the system, and when it’s time to get a new battery. UPS monitoring can include line quality metrics for your electric utility, failed self-test notices, and alerts when the battery is too hot.
By implementing a PRTG sensor for your UPS, you can monitor battery capacity, temperatures, voltage, and historic data so you can model data over time. By adding available custom PRTG sensors, you can use SNMP to monitor readings such as temperature thresholds, line input/line output data, remaining battery runtime, whether you need to replace the battery, and other useful metrics.
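An added example, not part of the original article or of PRTG: the alert conditions described above, evaluated in Python over numeric `snmpwalk -On` output. It assumes the UPS implements the standard UPS-MIB (RFC 1628); the sample walk and the thresholds are constructed for illustration.

```python
import re

# Objects from the standard UPS-MIB (RFC 1628); vendor MIBs use different OIDs.
OUTPUT_SOURCE = ".1.3.6.1.2.1.33.1.4.1.0"   # upsOutputSource: 3 = normal, 5 = battery
BATTERY_STATUS = ".1.3.6.1.2.1.33.1.2.1.0"  # upsBatteryStatus: 3 = low, 4 = depleted
MINUTES_LEFT = ".1.3.6.1.2.1.33.1.2.3.0"    # upsEstimatedMinutesRemaining
BATTERY_TEMP = ".1.3.6.1.2.1.33.1.2.7.0"    # upsBatteryTemperature, degrees C
LOAD_PREFIX = ".1.3.6.1.2.1.33.1.4.4.1.5."  # upsOutputPercentLoad, one row per line

# Accepts both "INTEGER: 5" and MIB-decorated "INTEGER: battery(5)".
LINE = re.compile(r"^(\.[\d.]+) = (?:INTEGER|Gauge32): (?:[\w-]+\()?(-?\d+)")

def parse_walk(text):
    """Map numeric OID -> int for each integer line of `snmpwalk -On` output."""
    readings = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            readings[match.group(1)] = int(match.group(2))
    return readings

def evaluate(readings, min_minutes=10, max_temp_c=40, max_load_pct=90):
    """Return alert strings. Thresholds are illustrative assumptions."""
    alerts = []
    for oid in (OUTPUT_SOURCE, BATTERY_STATUS, MINUTES_LEFT, BATTERY_TEMP):
        if oid not in readings:  # silence from the agent is itself an alert
            alerts.append(f"no reading for {oid}")
    if readings.get(OUTPUT_SOURCE) == 5:
        alerts.append("running on battery")
    if readings.get(BATTERY_STATUS) in (3, 4):
        alerts.append("battery low or depleted")
    if readings.get(MINUTES_LEFT, min_minutes) < min_minutes:
        alerts.append(f"runtime {readings[MINUTES_LEFT]} min")
    if readings.get(BATTERY_TEMP, max_temp_c) > max_temp_c:
        alerts.append(f"battery {readings[BATTERY_TEMP]} C")
    for oid, load in sorted(readings.items()):
        if oid.startswith(LOAD_PREFIX) and load > max_load_pct:
            alerts.append(f"output line {oid[len(LOAD_PREFIX):]} load {load}%")
    return alerts

# Constructed sample: a UPS that has switched to battery and is running hot.
SAMPLE_WALK = """\
.1.3.6.1.2.1.33.1.2.1.0 = INTEGER: 2
.1.3.6.1.2.1.33.1.2.3.0 = INTEGER: 7
.1.3.6.1.2.1.33.1.2.7.0 = INTEGER: 43
.1.3.6.1.2.1.33.1.4.1.0 = INTEGER: battery(5)
.1.3.6.1.2.1.33.1.4.4.1.5.1 = INTEGER: 96
"""
```

An empty or partial walk produces "no reading" alerts rather than a clean result, so a UPS whose SNMP agent has stopped answering is not mistaken for a healthy one.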
You may find the following Knowledge Base threads useful when using the Paessler PRTG UPS sensor template to collect UPS metrics:
HVAC Systems’ Role in IT
HVAC systems keep datacenter servers and hardware below temperature thresholds, enabling optimal performance. HVAC equipment prevents overheating, which can lead to heat buildup, hardware malfunctions, and fried hardware. Proper placement of CRAC (Computer Room Air Conditioner)/CRAH (Computer Room Air Handler) units and proper management of air flow ensure that datacenter HVAC systems use power efficiently. These HVAC efficiencies play an important role in the datacenter’s effective use of power overall.
Datacenters need to watch airflow and temperatures, ensuring that cold air flows through datacenter equipment while hot air aisles send hot air into the intakes for the CRAC/CRAH units. Without these efficiencies, too much of the datacenter’s overall power bill goes to resources other than servers, the PUE ratio deteriorates, and the data center spends too much on power. If hot and cold air mixes, this dilutes the cool air and makes the CRAC/CRAH units work that much harder.
Using the Internet Protocol, TCP/IP, and SNMP to Monitor HVAC systems
Using IP-enabled communications over TCP/IP networks, and the SNMP protocol, the data center can monitor and report on HVAC system metrics that provide visibility into CRAC/CRAH unit performance, room temperature, hot spots, and airflow. For example, devices from vendors such as Kentix, which are designed to monitor and alert on temperatures for HVAC systems using SNMP and TCP/IP, can take these metrics for you.
Paessler offers some Environment Sensors, which you can use to pull temperature and humidity readings from servers and key locations in the datacenter server room. Your HVAC stakeholder will be happy to hear that you can retrieve temperature and humidity data at the server rack-level air intakes, outtakes, wherever there are potential hot spots, and at each HVAC unit (to confirm proper function of the unit). This will enable you to alert the HVAC stakeholder to metrics that fall outside acceptable ranges.
Physical Access Control Systems
Physical access control systems are necessary to datacenters and IT to prevent unauthorized system access that is only possible within a given physical proximity of devices inside an industrial campus, building, datacenter facility, or computer room. Physical access control systems prevent information breaches that are possible even when access via shared networks is impossible due to network segmentation.
Monitoring Physical Access Control Systems
Physical Access Control Systems are typically IP-enabled, but might not be SNMP ready. Where SNMP is available on these systems, you can use it to monitor device uptime and many other properties. There may be a number of types of physical access control systems and supporting devices to monitor. Make sure to configure monitoring both for the device the user interfaces with, whether a card reader, keypad, or biometric system, and for the control panel that compares the data the user entered with records in an access control list.
IP Based CCTV Systems
IP-enabled CCTVs connect using Ethernet ports and communicate over TCP/IP. CCTVs use UDP as the communications protocol for video streaming. CCTV systems usually use RTSP (Real-Time Streaming Protocol) for streaming. You could add a custom channel for monitoring RTSP traffic using packet sniffer and NetFlow sensors in PRTG.
You will want to monitor the NVR as well as each CCTV camera and any network devices on the CCTV network. A digital Network Video Recorder (NVR) can take the form of a computer or PC-based hardware appliance on a CCTV IP-based network. The NVR records live image/video streams from CCTVs to hard disk.
To confirm SNMP support, see if the CCTV responds to SNMP queries. If it does, use SNMP to enable monitoring for uptime and status. You can use SNMP to monitor the NVR disk for metrics such as available disk space and disk health. You can use SNMP to detect whether devices are up, online, and working and to log events and send alerts using traps.
You could use a bandwidth monitoring tool such as PRTG Network Monitor to alert on thresholds where the CCTV network switch bandwidth is greater than X to determine whether the cameras and network have sufficient bandwidth to do their jobs.
If SNMP is not available, you can use ICMP to confirm that the IP camera is up and available as a node on the CCTV network.
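An added example, not from the original article or PRTG: the check described above in Python, sending one SNMPv2c GetRequest for sysUpTime.0 and falling back to a single ICMP echo. It assumes a read-only community string that you supply and the Linux `ping` flags; SNMPv1/v2c carry the community string in cleartext, so prefer SNMPv3 where the camera supports it.

```python
import socket
import subprocess

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"  # sysUpTime.0, answered by any SNMP agent

def tlv(tag, body):
    """BER type-length-value; short-form length is enough for this packet."""
    if len(body) > 127:
        raise ValueError("long-form BER length not implemented")
    return bytes([tag, len(body)]) + body

def encode_oid(oid):
    first, second, *rest = (int(part) for part in oid.split("."))
    out = bytearray([40 * first + second])
    for sub_id in rest:  # base-128, high bit set on all but the last byte
        chunk = [sub_id & 0x7F]
        while sub_id > 0x7F:
            sub_id >>= 7
            chunk.append(0x80 | (sub_id & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def get_request(community, oid=SYS_UPTIME, request_id=1):
    """SNMPv2c GetRequest; the community string is sent in cleartext."""
    varbinds = tlv(0x30, tlv(0x30, encode_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def is_get_response(data):
    """True if data is an SNMP message whose PDU is a GetResponse (0xA2)."""
    try:
        if data[0] != 0x30 or data[1] > 0x7F or data[2] != 0x02:
            return False
        pos = 4 + data[3]  # start of the community OCTET STRING
        return data[pos] == 0x04 and data[pos + 2 + data[pos + 1]] == 0xA2
    except IndexError:
        return False

def probe(host, community, timeout=2):
    """Classify one camera or NVR as 'snmp', 'icmp-only' or 'down'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(get_request(community), (host, 161))
            if is_get_response(sock.recvfrom(1500)[0]):
                return "snmp"
        except OSError:  # timeout, or ICMP port unreachable
            pass
    ping = ["ping", "-c", "1", "-W", str(timeout), host]  # Linux iputils flags
    return "icmp-only" if subprocess.run(ping, capture_output=True).returncode == 0 else "down"
```

Devices that come back as `icmp-only` are the ones to raise with the CCTV stakeholder: they are reachable, but report nothing beyond being up.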
Make Monitoring Easy on Everyone
With monitoring tools offering increasing freedom of customization, you should be able to enable a degree of automation to remove some of the more tedious steps.
Before implementing IP-based or other communications protocols for monitoring or making any changes to any systems, contact the stakeholder for these technologies. They need to know what’s changing on their systems, sign off on it, and participate as your trusted adviser while learning their role in enabling the new monitoring technology.
Using PRTG’s comprehensive and granular alerting and reporting options, you can support stakeholders with relevant information about events and statuses. If there are accidents or issues, ask how you can improve protocols and monitoring to alert on these in the future.