Network Monitor for Operator

[David Teh]

Hi folks,

Correct me if I am wrong, but it seems QDX 5 was designed without ‘real life’ operations in mind?

The all-in-one, tabbed feature is pretty cool, but how do you restrict operator access to only the network monitor, without resorting to the ‘unsupported’ stuff?

Thanks.

Topic

[Jim Kosloskey]

David,

Advanced Security.

Jim Kosloskey

email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.

[David Teh]

So, the only way to give the Ops any proper monitoring tools is to throw out more money? 😛

Jim Kosloskey wrote:

David,

Advanced Security.

Jim Kosloskey

[Anonymous]

Add a shortcut to your desktop for hcinetmonitor.exe (located in c:quovadxqdx5.3integratorclguibinunsupported).  The operators will only see the monitor, not any of the other stuff

Marilyn Mohr MT(ASCP)QLI

Medstar Health

Baltimore, MD

[David Teh]

That’s what we’ve done all along. But now that it is an unsupported tool…the hospital “business” owners would want some answers….🙂

Marilyn Mohr wrote:

Add a shortcut to your desktop for hcinetmonitor.exe (located in c:quovadxqdx5.3integratorclguibinunsupported).  The operators will only see the monitor, not any of the other stuff

Marilyn Mohr MT(ASCP)QLI

Medstar Health

Baltimore, MD

[William Grow]

I guess the subject heading says it all.   I spoke to someone about advanced security…they made it out to be more trouble than it was worth. What I am curious to determine is if there is anyone out there with advanced security up and running and how difficult it was to implement. Additionally, can it serve the role of a tool to be able to audit changes made to files.  

Also, how did you get around the application user default useranme and password ie. u=hci p=******  To me it seems that if you implement advanced security you have to lock them out of the command prompt.

[Anonymous]

I explored this option to implement advanced security.

There are issues with it.

1. To Implement advanced security it is required that SUN’s LDAP server is installed in another server.

  when an organization uses Active Directory, LDAP is no use rather it would defeat the purpose of Actice Directory.

2. Cost is high.

Now, having worked on eGate, which has setup for users and based on the defined roles can access the monitor, I asked Quovadx whether they would implement /incorporate the Advanced Security in Standarad QDX.

No response. But I received a call from a sales rep for Global Monitoring. You may want to check that out.

-Reggie-

[Anonymous]

From my experience if you use the unsupported tool, engine panicks frequently. You would see signal 11.

-Reggie –

[Ken Seachrist]

We wrote our own monitor for the operators.  It has a file it reads and we have set thresholds on it to determine when the operators should be notified that there is a problem.  We have a GUI type view on a web portal part that shows nothing if all is okay, yellow if it is a warning state, and red if there is a problem, meaning that something has exceeeded the set threshold.  We tried using the netmonitor.exe, but it just didn’t work because of all of the threads and having to move from site to site to check everything out.  It was easier to have them notified by exception.

[Chris Brossette]

I too am against spending additional monies and am using the unsupported tools because my operators have to ‘stop/start’ interfaces occasionally when there is a problem…..not often, but better than calling me in the middle of the night for a simple fix.

Having your roll-your-own monitor sounds like a great idea…what about when there is a problem?  do you have scripts for the operators?

Thanks,

Chris Brossette

DB/DI Team Leader

MS Baptist Health Systems

Jackson, MS

[James Cobane]

For what it’s worth, we provide the Operations Staff with the full IDE, and have them run just the NetMonitor once they bring up the IDE.  It’s really just a matter of training and trust with the Operations staff.  They have enough to do that they don’t bother playing arounding with the other tools.

Jim Cobane

Henry Ford Health

[David Teh]

I certainly agree from an organisation’s point of view…….but the auditors certainly will have something to say about that. 🙂

And that is “real life” for most of us.

James Cobane wrote:

For what it’s worth, we provide the Operations Staff with the full IDE, and have them run just the NetMonitor once they bring up the IDE.  It’s really just a matter of training and trust with the Operations staff.  They have enough to do that they don’t bother playing arounding with the other tools.

Jim Cobane

Henry Ford Health

[Gene Salay]

Here at Bon Secours we went for the Advanced Security and Global Monitor.   It made sense for us because we have a central operations area that manages systems for many sites.   We also have development staff at various sites.

We contracted with Quovadx to help us implement AdvSec and GM.     Living with it and managing users with it is not difficult.    I believe AdvSec has two different levels – one simply controls overall access via the GUI and the other provides access control for individual functions.     The whole system continues to operate as the hci user, so at the lower level of AdvSec there is no application auditing of modifications.   At the higher level, a database tracks all changes.    Users who have command line access can still modify files directly without being limited by the AdvSec certificate controls.

GM allows Ops to stop and start interfaces if you would like them to.  Note that Alerts also provide the ability to auto-bounce connections as appropriate.

[David Teh]

Hi Gene,

Sounds like GM is the way to go.

We are not new to Cloverleaf and have implemented stuff like autobouncing of threads/processes via alerts as well.

The integrating of all the tools into one single GUI still don’t make sense to me, though. 🙂

Gene Salay wrote:

Here at Bon Secours we went for the Advanced Security and Global Monitor.

[Author]

Replies