1. PARTNER Enablement Training

2. Agenda Company Overview End to end IT Management Product Portfolio
Network Management
Systems and Database Management
Security Management
Desktop & Incident Management
Useful Resources
Q & A
We will take the next few minutes to introduce you to SolarWinds as a company, why it makes sense for your business to sell SolarWinds, introduce you to all the products in our end to end IT management product portfolio. Finally, we will leave you with useful resources to help you during your customer engagements and wrap up with Q&A
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

3. INTRODUCTION COMPANY OVERVIEW
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

4. Company Overview
Enterprise Class IT Management Software EASY-TO-USE ROBUST REPORTING POWERFUL AFFORDABLE
Over 150,000 customers in 170 countries. SMB to Fortune 500.
More than 425 of the Fortune 500® are customers
12th fastest growing U.S. tech company in 2012 (Forbes®)
Headquarters in Austin, TX employees worldwide
FY2014 Total revenue $428m, 28% YoY, ~44% operating margin
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

5. Global Presence Company HQ
Cork, Ireland
EMEA HQ - Opened ’07
Sales, Support, Finance & Operations
Other Offices, North America
Lehi, UT North America
Boulder, CO Dallas, TX
Brno, Czech Republic
Opened ‘08
All products Dev & QA
Office Opened 2013
Austin, Tx North America
Company HQ
Singapore
Opened 2008
Sales & Support
Chennai, India
Opened 2010
Manila, Philippines
Opened 2014
Australia, NZ
APAC HQ in Sydney
SolarWinds is a global company with sales, support and development offices around the world.
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

6. SolarWinds – The Power to Manage IT
User Experience
SolarWinds products are built with end user experience in mind. The products help IT professions across various IT functions solve every day IT challenges in a powerful yet easy to use manner. We leverage out community to understand these IT challenges, connect our users to their global peers and drive product roadmaps based on customer feedback.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED. 6

7. SolarWinds Offers a Better Choice
The Traditional Way
The SolarWinds Way
Powerful, but
complex products
Powerful & easy-to-use products
User makes buying decision
Sell to CIO
Low-cost entry points, tiered pricing
Top Down Product Decisions
$$$$$
Very expensive
IT Pros in Control
$ - $$$
Installation requires consultants
Easy to evaluate and install
Up to months to
implement
Up and running
in under an hour
Custom
enterprise
agreements
Standard click-through agreements
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

8. Solarwinds it management solutions
Network Performance
Systems
Management
Security
Management
Incident & Problem Management
Network Fault & Performance
(NPM)
Network
Config
Server/
Application
Monitoring
(SAM, WPM)
Log Monitoring & Event Correlation
(LEM)
IP Address Management / Device Tracking
(IPAM, UDT)
Help Desk (Web Help Desk®)
Network Bandwidth & Traffic
(NTA)
Database
Performance
Analyzer
(DPA)
Firewall Rules and Object Analysis
(FSM)
Network Configuration Management
(NCM)
Remote Administration
(DameWare®, Mobile Admin®)
Windows® and 3rd Party Patching
(SPM)
VoIP Monitoring
(VNQM)
Virtualization
Storage monitoring & Capacity Planning
(VMAN, SRM)
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

9. SolarWinds Product Integration
Alert Central™
*FREE* Centralized IT Alert and On-Call Management
Scalability Engines
(Enterprise Operations Console, Polling Engines, Web Server, Fail Over)
Firewall Security Manager
Firewall
Security Analysis
Engineer’s Toolset
Real-Time Monitoring & Diagnosis
Direct Integration
Network Performance Monitor
Fault & Perf Monitoring
VoIP & Network Quality Manager
VoIP/Network Quality Analysis
Network Configuration Manager
Network Configuration Management
IP Address Manager
IP Address Management
NetFlow Traffic Analyzer
Traffic Analysis
User Device Tracker
Network User and Port
Tracking
AppStack Enabled
Server & Application Monitor
Servers & App Management
Web Performance Monitor
Web Experience
Monitoring
Virtual-ization Manager
Virtualization
Management
Storage Resource
Monitor
Storage
Patch Manager
Patch
Management
Direct
Integration
“Orion® Platform” Based Products
Log & Event Manager
Log and Event
Management
(SIEM)
Web Help Desk
Help Desk
DameWare
Remote Control and
Active Directory® Admin
Other Products – Misc. Integration
Other Transactional
Products
Network Topology Mapper (NTM), Kiwi Syslog®, CatTools®, Serv-U® MFT, Mobile Admin
Misc. Integration
The ‘Orion Platform’ is at the core of the SolarWinds IT Management Portfolio. It is an organically developed platform which provides a stable and scalable architecture and includes data collection, processing, storage and presentation.
The Platform provides common features like network node discovery, dashboards, reports, alerts, SNMP traps, Syslog, Groups, etc that be leveraged across all these products. So, if you installed NPM, UDT and SAM on the same server for example, they all use the same database and the data all comes into the same dashboard. You can create groups using monitored objects across all 3 products and the alert definition process is the same for all 3 products.
Here are some points to note about the Orion Platform
Windows Based – Microsoft Operating System & Database
10 Products Based on this Platform – 6 Network, 4 Systems
3 Further Products with Direct Integration – 2 Network, 1 Systems. Direct Integration allows these products data and functions to be accessed from with the Orion Web Console
3 Further Products with various levels of integration such as exchanging alerts
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

10. Orion core platform Overview
Windows based platform providing unified data collection, storage and presentation including a Rich and Customizable Web Based User Interface and centralized administration
Orion® Platform Highlights
NOT A PRODUCT, but a common platform underlying many SolarWinds products.
Easy to deploy, configure and maintain
Shared administration of Nodes, Credentials, Users, Alerts and Reports
“Single Pane of Glass” -LUCID Web Interface (Logical, Usable, Customizable, Interactive & Drill Down)
Highly Stable and Scalable
API Available
Before we begin looking at individual products, it’s important to understand what the Orion Platform is.
Orion is not a product in itself, but rather a common platform shared by many SolarWinds products. All products which are based on the Orion platform can be installed together on the same server and share the same data collection, storage and presentation services.
LICENSING
THE ORION CORE PLATOFORM IS NOT A PRODUCT AND THEREFORE IS NOT LICENSED
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

11. NETWORK PERFORMANCE SOLUTIONS
NPM, NTA, VNQM
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

12. NPM Product Overview Network Performance Monitor
Application-Aware Network Fault and Performance Monitoring Software
NPM Highlights
Provides Comprehensive Network Monitoring
Intelligent Network Reporting & Alerting
Automated Network Discovery & Mapping
Analyze user Quality of Experience using Deep Packet Inspection
Dynamic Groups and Dependencies
Route and Multicast Monitoring
Scalable, Extensible, and Easy to Deploy
Historically, SolarWinds’ strong brand has been associated with this product.
Network Performance Monitor or NPM is an enterprise class fault and performance monitoring software.
By fault – we mean up/down monitoring. Detect when a device or an interface on the network goes down. This can be a switch, router, server, printer, Wireless Access Point – literally any device with an IP address and that supports SNMP. Fault monitoring is a term associated with handling SNMP Traps and Syslog messages, which NPM can handle as well.
By performance – we mean things like response time and packet loss measurements, CPU & Memory usage, hardware health (fan / power supply / temperature /etc status), amount of traffic / errors / discards in and out of managed interfaces
NPM does this for multiple vendors (Cisco®, Juniper®, F5®, etc)
All this sounds quite simple, but there a number of features you expect from an enterprise class network monitoring product that NPM offers as well
Discovery: NPM can scan the network to detect any new devices or new interfaces / volumes on already monitored devices. It means the network engineer spends very little time to add new devices and interfaces into NPM
Mapping: NPM also monitors the topology information, i.e., how the devices are connected to each other on the network. It can then show this information on a easy to understand interactive map
Alerting and Dependencies: The NPM interface is very flexible and fully customizable unique to every use login. It is used by a lot of customers to display customized dashboards on a big screen. In addition, NPM can send s or send SMS messages to notify administrators of fault or performance issues. Many times, these alerts are used to automatically create a ticket in an incident management system. Suppose you installed NPM in your HQ and you have a remote site that is being monitored from HQ, and the WAN router were to go down – do you want 1 / 1 ticket for this outage or do you want multiple s / tickets (1 for each device in the remote site)? This is where SolarWinds dependencies can help administrators focus on the root cause. You can create a dependency of all the devices in that remote site (dynamically based on IP range designated for that location, for example) to the WAN router so that you can get 1 / 1 ticket when the router goes down.
Reporting: NPM has a fantastic web reporting interface that can be used to create a professional layout of charts and tabular information. The reports can be automatically delivered to recipients.
Route monitoring: NPM also active monitors the routing tables of Layer3 devices, and can detect network instability by alerting on flapping routers. This includes VRFs (virtual route forwarding)
Scalability: NPM is used in many large networks including many large Telcos around the world. The scalability options are discussed later on in the presentation
Extensible: The rule of thumb for NPM is SNMP. In some cases, customers maybe interested in gathering some device specific information (could be something as specific as the status of ink toners in a SNMP enabled printer) that is available via SNMP but not gathered by NPM out of the box. There is a utility included in all NPM license sizes to build custom pollers to extend the out of the box monitoring. This information can be used for maps, reports, alerts, dashboards – just like the out of the box content.
LICENSING
NPM is based on the highest of nodes (any device with an IP address), volumes (like C drive, D drive on a server) and interfaces (ports, physical or virtual interfaces, VLANs)
NPM is typically used to monitor network devices like switches, routers and firewalls. In majority of the cases, interfaces ends up being the highest count. Customers can definitely choose which interfaces to monitor – if a switch has 48 port switches and only 10 ports are online, NPM will only count 10 ports for licensing (not 48, not 10+1). Just to clarify further, if a customer bought an NPM SL100 (100 nodes, 100 volumes, 100 interfaces) – supposed they added 20 switches, routers, etc and 100 interfaces across these 20 devices, they will not be able to monitor any more interfaces but they can still add another 80 devices (switches, routers, firewalls, etc) to monitor device up/down, CPU, Memory, hardware health, route monitoring.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

13. NTA Product Overview Netflow Traffic Analyzer
In-Depth Visibility Into Network Traffic and bandwidth usage
NTA Highlights
Monitor Network Traffic by Capturing Flow Data
Quickly Identify Endpoints, Applications, and Protocols Consuming Bandwidth
Provide Historical Trends for WAN/LAN Bandwidth Usage
Investigate, Troubleshoot, and Quickly Remediate Network Slowness and bandwidth contention
Multi-vendor flow protocol support: NetFlow, jFlow™, sFlow®, and NetStream™
Efficient storage of flow data
Netflow Traffic Analyzer or NTA
This product is a great synergy with NPM, and is a highly effectively tool for troubleshooting network slowdowns. A vast majority of NPM customers also own NTA. This is because NPM can tell you if particular interfaces (especially WAN and Internet links) are running at high utilization (80%, 90% or maxed out) and NTA will help you drill into it to understand what types of traffic is contributing to that 80, 90, 100%.
This relies of flow capable Layer3 devices. A flow protocol is used to send summary information of network conversations to a flow collector such as NTA. A flow record contains things like source IP, source port, destination IP, destination port, number of packets, number of bytes, etc. Although the product is called ‘Netflow’ traffic analyzer, it supports flow protocols from multiple vendors – Netflow from Cisco, jFlow for Juniper, sFlow from HP, NetStream from Huawei®.
A typical use case is that users complain that the Internet is slow, and you can see in real-time if a user is downloading a large file from (say) dropbox.com or if users are downloading files from BitTorrent. We have come across some amusing stories like an employee hosting an Internet streaming radio station that had gone undetected for years until NTA was used.
WAN links especially inter-country ones are not cheap by any means. You don’t want heavy duty database traffic to be using 50% of the WAN link, for example. NTA is a great way to detect such improper usage.
LICENSING
This is sold as an add-on to NPM. In fact, this is the only product that is not sold as a standalone. NTA license must always match the NPM license size. If a customer has an NPM SL100, they must buy NTA for NPM SL100. When they upgrade their SL100 to say SL500, they must upgrade their NTA to ‘NTA for SL500’ as well.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

14. NPM/NTA Keywords & Questions
Keywords: NMS, Cisco®, Juniper®, F5®, Router, Switch, Firewall, Network Monitoring, Network Topology, Links/Interfaces/Ports up/down, LAN/WAN throughput, /SMS Alerts, Network Operations, NOC, SNMP, Wireless, Bandwidth Analysis
Qualifying Questions
Do you know how much of your Internet and WAN bandwidth is being used?
Do you have a pro-active way or monitoring your network before your users report issues?
Do you have a single pane of glass to consolidate monitoring of all routers, switches, firewalls and other network devices?
How do you perform network health checks, and report back to management on network availability & performance?
Do you know what exactly your WAN/Internet bandwidth is being used for?
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

15. VNQM Product Overview Voice & Network Quality Monitor
Continuously measure WAN Quality and analyze VoIP Call records and Gateway performance
VNQM Highlights
Monitor WAN Performance Between Cisco Devices
Visualize Site-to-Site Network Performance
Monitor VoIP Call Quality and Key Statistics
Quickly Review WAN Performance for Impact on Key Applications
Discover and Automatically Setup Cisco IPSLA Devices
Analyze historical CDRs/CMRs from Cisco and Avaya® Call Managers
Voice and Network Quality Manager or VNQM helps network engineers with 2 things
Continuously measure network quality using Cisco’s IP SLA technology (typically measured router to router. So, we imply WAN quality here)
Provide a searchable view of the quality of every phone call managed by Cisco Call Manager
Customers can choose to use both or either of these features.
1. Network Quality: Cisco IP SLA capability effectively turn Cisco routers into a network probe. IP SLA capable devices (typically WAN routers) can be configured to perform various continuous tests like Ping, Trace route, DNS lookup, response time for a website. VNQM enables you to configure these routers from an intuitive web console. Once configured, VNQM simply polls the results of these tests using SNMP and helps you trend & alert on this data. Whenever you purchase a WAN link, the service provide will assure of a certain quality (10 ‘Meg’ link with max latency of 20 milliseconds, for example). By continuous measurement of the response time between routers, customers can hold the service provider accountable for this promised SLA. It is also used to make the routers make a simulated VoIP call to another IP SLA capable router, and measure the quality of that call (it’s called MOS – Mean Opinion Score)
I want to quote another interesting story – our CRM system is salesforce.com. We had a recent incident where our Singapore office was unable to get to salesforce.com whereas Sydney and Cork were able to access it absolutely fine. The Cisco router in Singapore was configured to measure the response time to salesforce.com. Before a whole bunch of people in the Singapore sales team could open redundant helpdesk tickets, our IT team had already notified the team via an automated from VNQM that it was aware that salesforce.com was not accessible from Singapore. That is the difference between being pro-active vs reactive.
2. Voice Monitoring: VNQM can provide a searchable view of valuable information stashed away in Cisco Call Manager logs (also called CDRs – Call Data Records). For every single call managed by Cisco Call Manager, VQNM tracks the MOS that is based on latency, jitter and packet loss. It can also correlated with the IP SLA measurements. So, if someone opened a helpdesk ticket saying ‘I made 2 international phone calls today, and I received 4 calls around 1PM today. It was extremely choppy and I had to repeat myself many times’, the voice engineer can simply punch in the user’s extension and search for all the calls made by that user and see what score (MOS) CCM assigned to each of those calls. If CCM determined the quality was very good, it was probably a wireless headset issue and they were probably too far away from the phone.
LICENSING
It is based on the highest of Nodes, IP SLA source devices, and IP phones. Typically, it ends up being the highest of source devices and IP phones
IP SLA Source Device – the origin of the IP SLA operation. If (say)10 IP SLA operations were configured on 1 IP SLA capable router, then it only counts towards 1 source device.
IP phones – the total number of IP phones (soft phones or actual VoIP phones) managed by CCM.
If a customer is only interested in CDR monitoring, then source devices do no matter. If they are only interested in network quality monitoring, number of IP phones doesn’t matter. If they are interested in both, then use the highest of source devices and IP Phones.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

16. NETWORK CONFIGURATION SOLUTIONS
NCM, IPAM, UDT
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

17. NCM Product Overview Network Configuration Manager
NCM Delivers Affordable, Easy-to-Use, Multi-Vendor Network Configuration and Change Management
NCM Highlights
Simultaneously modify and backup any CLI device configuration
Compare startup and running configurations
Real time change detection, notification, and rollback
Create configuration policies and compliance reports
Change management approval, scheduling and workflow
Inventory reporting including End of Support information
Network Configuration Manager or NCM
As the name suggests, NCM is used for effective change management of configuration changes.
Would you buy a car without insurance? I am guessing not no matter how many years you have been driving. Running a network without something like NCM is a bit like buying a car without insurance. NCM is absolutely essential to recover quickly from inadvertant changes.
Three words to remember about NCM – backup, restore, bulk changes
A configuration file is what tells a router or a firewall or a switch how to behave. If you execute a command on a router to make an inadvertent change, the router itself doesn’t offer any way of reverting to your good configuration. In fact, the number #1 reason for network outages is bad configuration changes. First of all, NCM does a backup of the configuration on both a scheduled basis and also in response to configuration changes (we call this real-time config change detection). It can notify the administrator immediately with a ‘before and after’ .
If you need to restore the device to a previously know config, you can do it from the web console. So, it makes it very quick and easy to recover from bad changes.
A lot of the times, network engineers need to make the same change on several hundred devices – say, changing the IP of the Syslog server across 200 switches. Rather than doing it 1 switch at a time, NCM allows you to type the command once and execute it on multiple devices (i.e., bulk changes). It means huge time savings for engineers.
Configuration changes are typically done outside of business hours. NCM allows engineers to schedule these bulk changes so that engineers don’t need to stay back late or come in over the weekend. In a lot of ways, it is giving them their life back.
You might be thinking – ‘Wow. So, you can do all this from a web console now. Isn’t it multiplying the risk as anyone with access to this web console can make potentially dangerous updates?” The answer to that is NCM’s delegation and approval features. If a senior network engineer realizes that he is spending 5-10% of his time making VLAN membership changes, guess what – he can create an ‘NCM config change template’ and delegate this to an operator or a junior engineer who has no expertise in IOS or JunOS® etc. The senior engineer just needs to click ‘Approve’ or ‘Denied’ In an extreme case, we have a temporary office space provider who delegated this to their receptionists in each office.
We have also had customers who have used NCM as a project management tool using the compliance reporting features. They had configuration baselines defined for various phases of their data center rollout and used the compliance reports to see if all the devices were in conformance with the project milestones.
NCM can do all of this for any device that has a text based configuration and can be accessed via CLI (Telnet / SSH®)
LICENSING
Number of devices
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

18. NCM Keywords & Questions
Keywords: Config Backup, Config Restore, Bulk changes, Change management, Compliance
Qualifying Questions
Did you know #1 reason for network outages is bad configuration changes? Are you prepared for such an event?
How did you perform a routine configuration change like a new SNMP community string, or change Syslog Server IP across hundreds of devices? Manually, one at a time?
Do you need to stay back late or come in over weekends to make configuration changes?
Do you analyze your network config for internal / regulatory security best practices?
Enterprise customers – very few network engineers managing several thousand network devices?
Keywords – No brainer keywords when NCM is a good fit
Qualifying Questions
Q. Did you know #1 reason for network outages is bad configuration changes? Are you prepared for such an event?
A. NCM backup and restore features
Q. How did you perform a routine configuration change like a new SNMP community string, or change Syslog Server IP across hundreds of devices? Manually, one at a time?
A. NCM bulk-change feature
Q. Do you need to stay back late or come in over weekends to make configuration changes?
NCM’s scheduling features
Q. Do you analyze your network config for internal / regulatory security best practices?
NCM’s compliance reporting features
Q. Enterprise customers – very few network engineers managing several thousand network devices?
A. NCM’s config change template and approval features
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

19. IPAM Product Overview IP Address Manager
Comprehensive DDI (DHCP, DNS and IP) Management software for complete control over IP space
IPAM Highlights
Automated IP Address Scanning
Historical IP Tracking
Multi-vendor DHCP and DNS Management
Role-Based Access Control
Alerts on IP Space Usage and resolve IP Conflicts
Subnet Allocation Wizard
Supports Cisco, ISC and Microsoft® DHCP Servers, Microsoft and ISC BIND DNS
IP Address Manager or IPAM is a powerful DDI solution from SolarWinds to completely streamline all processes related to the IP space.
DDI stands for DHCP, DNS and IP Address. It is a software layer that sits on top of existing DHCP and DNS servers.
The first use case this addresses is spreadsheet replacement. Every network engineer needs to design the network in terms of subnets and IP ranges. (subnet A for servers in the data center, subnet B for IP phones, etc). This is typically tracked manually in spreadsheets – which can get out dated very easily. Typically, whenever some one needs an IP, they contact the network engineer but when they don’t need it anymore they don’t bother informing the network engineer. This also leads to ‘subnet sprawl’ (i.e., creating more subnets than required based on outdated information) and also other change management implications like changing firewall and router rules for new subnets. IPAM solves this problem by very fine grained delegation features and continuous scanning so that everyone always sees the up-to-date information and only the information they are supposed to see.
The next challenge for network engineers is increased number of personal devices being plugged into the network. One of my colleagues has 2 laptops, an Android phone, a Blackberry, an iPad. This is on top of the VoIP phone – that is 6 IPs for 1 person. IPAM is very effective in alerting whenever a DHCP scope or subnet is running out of IPs.
For DHCP servers and DNS servers, IPAM also enables complete management from the convenience of a web console – whether it is adding a new DNS zone, or modifying the DHCP options.
Just like UDT, all this information is retaining historically. Since IPAM sits on top of existing DHCP and DNS infrastructure, it is non-disruptive and makes it very quick to integrate with existing setup. No need to rip and replace with expensive and proprietary hardware appliances.
IPAM is also multi-vendor and supports Microsoft DHCP and DNS, ISC BIND DHCP and DNS, and Cisco DHCP
LICENSING
Simply based on number of managed IPs – actually in use, reserved or transient. If a customer has 10 /24 networks and only 600 IPs are actually in use, they would simply need to go for the smallest license tier IPAM1024, not the IPAM4096. In other words, it is not based on the IP capacity but instead on actual usage.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

20. UDT Product Overview User Device Tracker
Complete visibility into endpoints and users connected to your switch ports and wireless access points
UDT Highlights
Track end points connected to switch ports and access points historically
Track users logged in to end points
Detect rogue devices based on white lists.
Historical search based on user name, IP address, Hostname or MAC address.
Shutdown a port from the web console
Track used and free ports on switches
User Device Tracker or UDT is a historical switch port mapping solution. In other words, it tracks which devices are connected on your network along with the users logged into those devices. It tracks this information historically for both wired and wireless connections.
With UDT, our IT team will be able to track that I was using my laptop in the conference yesterday and at my desk today. And, that the user name logged in was TUL\Joe.Smith. You can search the history using IP address, MAC address, hostname, or username.
It is useful not just for users devices – if you had to do some maintenance work on a switch, being able to quickly know which servers are connected to it is extremely useful to know. It also helps you avoid following those color coded cables in the data center – you can instantly know that server123 is connected to port xx on switch xy. You will not accidentally unplug from the wrong port. This information is also available via the Mobile Admin product (separate product) and is a great way for engineers to access it from their smartphones while in the data center.
The other benefits of this is being able to submit capacity planning reports (a report of how many ports are used in each switch), which is usually a quarterly time consuming exercise.
UDT is also able to do whitelisting and blacklisting on the endpoints (If a non-corporate laptop name ABCDEF connects to your network that doesn’t conform to LT-*** or SVR-*** naming convention for example, UDT can detect as a rouge device). You can choose to shutdown the switch port from the UDT web console.
LICENSING
Technically based on highest of nodes, volumes and switch ports. For all practical purposes, this would be base don number of switch ports.
The license tiers are pretty generous – starts with 2500 ports. You would count all ports on the switch – both online and offline, although the user has the ability to exclude ports.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

21. SYSTEMS MANAGEMENT SOLUTIONS
SAM, WPM, VMAN, SRM, DPA
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

22. SAM Product Overview Server & Application Monitor
Availability & Performance monitoring of Applications and Underlying Server Hardware
SAM Highlights
At-a-Glance insight into the health of applications, physical and virtual servers
Dynamic service groups and dependencies
AppInsight™ templates (deep monitoring) for SQL Server®, Exchange and IIS
Automatic warning / critical thresholds based on baseline
Out-of-the-Box server hardware monitoring
Remediation and Troubleshooting tools like Real-Time Process Explorer and Real-Time Event Log Viewer
Optional Windows Agent for data collection
Server & Application Monitor or SAM in short is a solution designed to monitor the availability and performance of mission critical applications and the underlying server hardware. The applications can be usual suspects like Microsoft SQL, Exchange, DHCP, DNS, IIS, Oracle, or can even be a home grown application. The applications themselves can be running on Windows, Linux or Unix.
SAM has been a phenomenal growth driver for SolarWinds, and has won numerous industry awards such as ‘Best of TechEd’ in 2013, a premier Microsoft event held every year.
SAM is an agentless product which means there is no requirement to install any SolarWinds software on the application servers. This makes both POCs and production deployments very quick.
SAM does also have the option of using agents for data collection if desired or necessary, for example to monitor servers in a DMZ or hosted in a public cloud.
The process is literally adding or discovering the servers as nodes, and assign any of the nearly 200 out of the box templates to the relevant server nodes. Take the IIS template, and assign to all the 10 web servers running IIS. As simple as that. There are also several hundred community generated templates that can be readily used within SAM. So, if you don’t find an out of the box template there may not be a need to re-invent the wheel. If you need to build a template from scratch, it is usually wizard driven and done in a matter of minutes. Lately, we have introduced new types of templates called ‘AppInsight’. Currently, there is an AppInsight for SQL, Exchange and IIS available. These AppInsight templates provide deep monitoring of applications. For example, the AppInsight for Exchange tracks the historical usage of every mailbox including the number of messages sent & received both internally and externally.
One of the most challenging things about application monitoring is to set appropriate thresholds to be alerted on abnormal behavior. If a user’s PC is infected with a virus and starts sending out several hundred messages, the number of messages in the Exchange server’s queue is very likely to go beyond a normal range. Also, what is considered a normal range for the message queue for customer1 is not relevant for customer2. It depends on number of mailboxes, nature of their business, etc. So, ‘one size simply doesn’t fit all’. SAM simplifies this by automatically baselining the historical data and can automatically set the warning & critical thresholds. It will continuously adjust those thresholds to adapt to the environment. This is fantastic because SAM becomes a turn-key solution for your customers and you do not spend the bulk of your implementation time doing mundane things like setting thresholds.
Hardware health is another reason why lot of customers purchase SAM. By hardware health we mean monitoring things like Fan, Power Supply, Temperature, Disk, CPU, Memory status. SAM does this for HP, Dell, IBM servers and any vSphere host. It relies on the hardware sensor software from the respective vendors like HP Insight Manager, Dell Open Manage and IBM Director. For VMware vSphere hosts, the hardware sensors are built into the vSphere firmware – so, no vendor specific software is required. We have had customers send us thank you notes that SAM helped them prevent their servers from getting fried.
When it comes to troubleshooting server issues, usually the first thing an administrator goes is login to the server and check the task manager and troll through the event logs. SAM conveniently exposes all that information in the web console. The administrator can then choose to kill a process or stop a service from the web console. This cuts down troubleshooting time. With Role Based Access Control, you can also provide the same information in read-only mode. This means you can expose this valuable troubleshooting information to 1st and 2nd line support technicians without providing direct access to application servers.
LICENSING
SAM is based on the highest of nodes, volumes, and component monitors. Component monitors ends up being the highest factor usually. For estimation purposes, you can use 25 component monitors per application. AppInsight for SQL template uses 50 component monitors per SQL instance (regardless of number of databases). AppInsight for Exchange uses 50 component monitors per Mailbox Role server (regardless of number of mailboxes). AppInsight for IIS uses 30 monitors. So, 10 SQL server instances and 10 other applications usually means monitors, so you would recommend SAM AL1100 (up to 1100 component monitors)
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

23. SAM Keywords & Questions
Keywords: Application availability, Windows®/Unix®/Linux®, Disk failures, Virtual/Physical servers, VMware®/Hyper-V®, WMI, Performance Counters, Nagios®, Scripts, Processes, Services
Server Hardware Vendors: Dell®, HP®, IBM®
Common Applications: Microsoft Applications like Exchange, MS SQL, Active Directory®, IIS™, Lync® Server, SharePoint®, etc
Others: Citrix® XenApp®, Oracle®, Apache®, Tomcat, TACACS, MySQL® , Databases – literally any application including homegrown applications
Qualifying Questions
What are your business critical applications? Are you alerted when these critical applications go down?
Do you need to restart services to get an application running again?
Are you alerted when a fan or battery failed, or a hard disk is about to fail?
Do you need to report on hardware and software inventory on your servers?
How long goes it take to setup a new application for monitoring?
Keywords – No brainer keywords when SAM is a good fit
Qualifying questions
Q. What are you business critical applications? Are you alerted when these critical applications go down?
SAM provides a pro-active approach to monitoring applications
Q. Do you need to restart services to get an application running again?
A. SAM can automate service restarts when they stop or when applications stop responding.
Q. Are you alerted when a fan or battery failed, or a hard disk is about to fail?
SAM provides centralized hardware health monitoring and alerting for the hardware health of Dell, IBM, HP and vSphere servers.
Q. Do you need to report on hardware and software inventory on your servers?
SAM collects inventory information about all installed software, drivers and hardware for Windows, Unix and Linux servers
Q. How long goes it take to setup a new application for monitoring?
SAM’s monitoring is agentless. So, adding new applications and servers into SAM is a breeze.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

24. WPM Product Overview Web Performance Monitor
End-user experience monitoring for internal, external or cloud-based web applications
WPM Highlights
Continuously monitor user experience of internal, external or cloud-based web applications
Test as often as every 1 minute from multiple locations
Wizard driven Player deployment on Amazon EC2® Cloud
Response Time Alerts on overall transaction and/or individual steps
Licensed based on transactions, not on steps
Supports Java®, AJAX, Flash® & Silverlight®
Web Performance Monitor or WPM is a complimentary solution to SAM. WPM is used to measure the performance of web applications from a user perspective.
This could be for an internal web application like an ERP or HR application with users in multiple offices. Or, this could be for an external / e-Cormmerce website with users in locations for which the company have no physical presence. Users expect pages to load in a few seconds – if not, they quickly move on to another site. We have all been guilty of that. So, measuring the response time from a user perspective is very important.
This is achieved by first recording a typical set of user interactions on the website (step 1 could be login, step 2 - fill out some details, step 3 - submit a request, step 4 - run a report, etc) and then generate this traffic over and over again to the website in a robotic fashion using a WPM Player. If this for an internal website, the players can be installed in the various offices. If it’s for an external website, WPM allows you to seamlessly provision and configure the player on the Amazon EC2 cloud using your Amazon login. Amazon allows you to pick a datacenter (Japan, Sydney, Ireland, US East, etc) for this player. You can now have a perspective of the response time from different points across the globe!
WPM can also be used to validate content including images on these pages and can be used to detect incidents like websites being de-faced.
WPM also provides an excellent visualization for the response time of every step to break down the response time to DNS, time to first byte, etc. Sometimes the issue is just with the DNS server in the remote office, and not the website.
By continuously measuring the response time, you can catch issues before it affects real user experience. This measurement can be done as often as 1 minute. WPM can handle popular browser plugins like Java, AJAX, Flash and Silverlight.
All the reporting and alerting is done centrally from the WPM server.
LICENSING
It is a simple licensing model based on number of recordings assigned to players. The number of steps in the recording do not matter. If 1 recording was assigned to 5 players – it requires 5 licenses. Whether the recording has 5 steps or 10 steps, and whether the user experience is measured every 1 minute or 5 minutes, it is still 5 licenses for this example.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

25. VMan Product Overview Virtualization Manager
Virtualization Performance, Capacity Planning, Sprawl management and Chargeback
VMan Highlights
Supports VMware vSphere® & Microsoft Hyper-V
Deep hypervisor monitoring to identify performance bottlenecks
Comprehensive Capacity Planning for all Compute Resources
Determine Optimal VM Placement, and Identify Capacity Needs
Find Idle/Stale, Orphaned and Over-allocated VMs
Integrates with SAM/SRM/WPM for AppStack visibility
Virtualization Manager or VMan for short is another award winning software that is specifically designed for virtual environments. It provides a single interface to detect performance bottlenecks, capacity planning, sprawl management and chargeback which are typical requirements in virtual environments. VMan currently supports VMware vSphere and Hyper-V.
In an virtual environment, you have physical servers possibly using SAN storage and you create virtual servers or virtual machines using the magic of hypervisor software like vSphere and Hyper-V. So, the hypervisor is the middle man that manages the access of the virtual resources (virtual CPUs, virtual memory, virtual NICs, virtual disks) to the physical resources (physical CPU, physical RAM, physical NICs, physical storage). So, it is vitally important to monitor this middleman or hypervisor software to see how effectively it is managing the access between virtual and physical resources. In the physical server world if it is enough to monitor the CPU and Memory usage of server, in the virtual equivalent you will need to also monitor bottleneck parameters like CPU Ready, Memory ballooning, etc. I don’t want to go into what these bottleneck parameters are but the point is virtual environments require a different perspective of monitoring.
VMan does a wonderful job on uncovering these bottlenecks. The implementation literally takes minute. You deploy the virtual appliance with a couple of simple clicks, input the name of the virtual center and it’s credentials, step out for a coffee and when you are back in 10 minutes VMan will show you a color coded list of all the performance and capacity issues affecting your virtual environment. It really is that simple.
In a virtual environment, a new virtual server can be created with a few clicks. For the same reason, you end up with a lot of virtual machines that were busy at one point but no longer actively used. This leads to sprawl. VMan helps to identify these VMs using lots of different criteria so that the administrator can clean up these VMs or resize the VMs based on VMan’s recommendations.
In a virtual environment, you typically buy powerful physical servers and start creating VMs on them. The first few work great but the moment you add the 10th or the 11th or the 12th VM, you might end up overloading the servers and in the process affect the performance all the 10,11 or 12 VMs (and hence the applications on them). VMware’s capacity planning helps administrators avoid those situations by first simulating ‘what-if’ scenarios and identifying the resource that would be a bottleneck (CPU or Memory or Disk IO, etc).
A lot of IT divisions are re-positioning themselves as service centers as opposed to cost centers. This applies to both private and public cloud environments. VMan’s chargeback and showback features provides the ability to determine the cost of this service based on allocation or usage of resources.
Finally, VMan has very tight integration with NPM/SAM. If customers have NPM or SAM, VMan data can be displayed in Orion dashboards, can be alerted and reported on from within the Orion interface. In this scenario, VMan effectively becomes a “poller” for virtualization data. The ability to see OS, Application and Virtualization data all in a single interface is immensely useful for system administrators. VMan also has integration with Storage Manager to seamlessly drill under storage bottlenecks.
LICENSING
Simple licensing model – based on number of sockets (physical CPUs). Most physical servers (ESX host, Hyper-V host) have 2 sockets although some high-end servers can have more than 2.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

26. VMan Keywords & Questions
Keywords: VMware, vSphere, vCenter, Hyper-V, Virtual Infrastructure, Capacity Planning, Chargeback, Showback
Qualifying Questions
Do you monitor hypervisor performance in addition to OS/Application performance?
How do you migrate servers from physical to virtual with confidence?
How do you know when to buy more physical servers?
How do you know when to add more CPU or Memory or Storage or Network Capacity?
Keywords – No brainer keywords when VMan is a good fit.
Qualifying Questions
Q. Do you monitor hypervisor performance in addition to OS/Application performance?
A. In a virtual environment, monitoring OS and Hypervisor performance are different sides of the same coin. Use VMan for hypervisor and SAM for OS performance
Q. How do you migrate servers from physical to virtual with confidence?
Use VMan’s capacity planning features to do what-if analysis before creating any new VMs
Q. How do you know when to buy more physical servers?
Use VMan’s capacity planning features to predict when your servers will max out of capacity. It makes business justifications and approvals for hardware spend much easier
Q. How do you know when to add more CPU or Memory or Storage or Network Capacity?
A. VMan’s capacity planning pinpoints which compute resource is the constraint for further expansion.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

27. SRM Product Overview Storage resource monitor
Multi-vendor storage performance and capacity monitoring
SRM Highlights
Unified Storage monitoring for multi-vendor storage arrays from EMC®, NetApp®, Dell® and more
Storage LUN views & I/O Hotspot detection
Automated storage capacity planning
Real-time NAS and SAN performance monitoring including Status and usage threshold alerting.
Prebuilt alerts and automatic baselines - Get notified about issues with your devices, LUNs, storage pools/RAID groups, CIFS shares
Integrates with SAM/VMan/WPM for full AppStack visibility
Storage Resource Monitor (SRM) is a multi-vendor storage performance and capacity monitoring solution.
It is pretty typical for enterprise environments to use SAN and NAS Storage from the likes of vendors like EMC, NetApp, IBM, etc. More so in virtual environments. Enterprise storage is expensive both from an OpEx and CapEx perspective, and typically comes with very little monitoring. So, administrators tend to treat these as blackboxes which often leads to inefficient usage of storage capacity.
Storage Resource Monitor provides a single view of multi-vendor storage environments to help administrators understand both the end to end capacity usage and the performance of the storage systems. SRM tracks the capacity all the way from the array, RAID Group, LUN, Datastore, VM to the virtual disk. SRM also does forecasting based on storage usage trends. This helps storage administrators reclaim, resize or repurpose the storage capacity end to end.
At a very high level, storage performance monitoring means measuring how much data is being read/written and how quickly is this data being read/written. STM does an excellent job of monitoring, reporting and trending various storage performance metrics including many metrics specific to vendor technology. It is by far the deepest and broadest storage monitoring solution in the market.
LICENSING
Total number of physical disks (spindles) managed by monitored Storage Systems.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

28. SRM Keywords & Questions
Keywords: EMC®, NetApp®, Dell, SAN/NAS. LUN to VM. Storage Capacity. Storage IOPS, Storage Throughput, Storage Latency
Qualifying Questions:
Do you have SAN storage from multiple vendors? If so, how do you get a unified view?
Do you monitor the historical storage performance like IOPS and throughput?
How do you track allocation of LUNs to servers?
How do you track storage capacity all the way to the VM?
How do you know when to add more disks to your SAN storage?
Keywords - No brainer keywords when STM is a good fit. This is especially true when the audience is storage administrators
Qualifying Questions
Q. Do you have SAN storage from multiple vendors? If so, how do you get a unified view?
A. STM provides a unified view of storage capacity and performance for multiple storage vendors and models
Q. Do you monitor the historical storage performance like IOPS and throughput?
A. STM helps storage administrators understand historical load in terms of IOPS and throughput for the array, controller, LUNs, Disks and RAID Groups.
Q. How do you track allocation of LUNs to servers?
A. STM automates the mapping of VMs to LUNs (and vice versa). This allows storage administrators to quickly isolate the VMs or LUNs of interest
Q. How do you track storage capacity all the way to the VM?
A. STM automates the mapping of LUNs to VMs, and provides capacity utilization, trending and forecasting for the array, datastores and virtual disks. This end to end storage utilization tracking allows administrators to fully optimize existing enterprise storage before investing in additional capacity.
Q. How do you know when to add more disks to your SAN storage?
A. STM keeps track of historical usage and generates capacity planning reports for both raw and usable capacity
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

29. A complete view of the application and its infrastructure layers
Appstack Overview
A complete view of the application and its infrastructure layers
AppStack Highlights
AppStack is NOT a PRODUCT, It Is a UNIFIED VIEW of information collected by SAM/WPM/VMan/SRM
Quickly identify the root cause of application issues within a unified dashboard
Full visibility into the performance of the environment across all layers
Understand relationships and dependencies in the application stack
AppStack brings together SAM/WPM/SRM/VMAN in a compelling end-to-end visualization affectionately referred to as the “AppStack”. AppStack represents a significant market differentiator for SolarWinds by tying together the complete end-to-end story from the application, all the way to the backend storage, and everything in between; allowing users to quickly identify the root cause of issues in seconds rather than hours. I
t is accessible under the ‘Environment’ View under the Home tab in the Orion Web Console and there are ‘mini’ AppStack resources under the various node details views where relevant.
LICENSING
APPSTACK IS NOT A PRODUCT AND THEREFORE IS NOT LICENSED
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

30. DPA Product Overview Database Performance Analyzer
Gives DBAs, Developers and IT Professionals the ability to quickly diagnose and resolve database performance problems most impacting end-user response time.
DPA Highlights
Identify performance issues using query response time analysis
Isolates root cause in just four clicks
Illustrates historical trends explaining performance over time
Available for SQL Server®, Oracle®, Sybase® & DB2®MySQL®
Agentless. Almost no impact on DB servers
Database Performance Analyzer or DPA (previously known as Confio® Ignite®) helps to quickly diagnose and resolve database performance issues impact end-user response time.
It is a fantastic tool for DBAs (Database Administrators), and equally valuable for developers & IT professionals. In simple terms, DPA asks the database instance every second (every second, not every minute) ‘Hey, what are you waiting on right now?’. In other words, what is preventing the response time of queries to be near instantaneous? The database instance responds by saying ‘Query1 on database1 is waiting for the transaction log to be written. Query2 on database5 is waiting for RAM to be freed up, etc’. You will be surprised to know that database servers maintain this information but is hidden in logs or other tools that lack visualization. DPA uses the historical results of the query wait times and types to slice the data by query or program or machine or user or program, etc. This helps IT professionals including DBAs to arrive at the root cause in no more than 4 clicks. We call it ‘follow the big bar’ approach to drill into the time frame of the incident and pinpoint the wait type. It tells users very clearly that the queries were slow because the disks weren’t fast enough to read or write, or there wasn’t enough CPU or Memory on the database server. We have had many incidents where customers have been able to avoid expensive hardware upgrades by proving with confidence that in fact it was a disk issue and not a server issue. It is an excellent tool to avoid finger pointing and focus on problem resolution.
The icing on the cake is that DPA is completely agentless. Although DPA is querying the DB instances every second, there is less than 1% overhead on the system resources of the DB server.
DPA supports Microsoft SQL, Oracle, Sybase and DB2.
LICENSING
Per DB instance
Hardware upgrade
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

31. SECURITY MANAGEMENT SOLUTIONS
LEM, FSM, SPM
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

32. LEM Product Overview Log & Event Manager
Powerful SIEM solution for Log Management, Event Correlation and Automated Network Defense
LEM Highlights
Real-time Log monitoring at network speed
Help ensure compliance with regulations like PCI, ISO with audit proven reports
In-memory event correlation
Mitigate threats with Active Responses
USB-Defender®
High compression database
Secure virtual appliance
Log & Event Manager or LEM is a powerful SIEM offering from SolarWinds. SIEM stands for Security Information and Event Management. LEM is used for log analysis, event correlation and automated network defense. I will explain what each of these things mean.
First of all, LEM is a virtual appliance. So, LEM doesn’t require any fancy hardware and all that it requires is a VMware or Hyper-V environment.
A lot of users shy away from analyzing logs because of the sheer volume of the logs. Firewall and Active Directory logs alone is enough to intimidate users. A lot of the log analysis solutions in the market expect users to be mini-programmers and know regular expressions and such. LEM’s design philosophy is to enables users to analyze millions of log messages with point & click / drag & drop interactions with the interface. I always like sharing this story – we have a long time NPM customer who downloaded LEM out of curiosity. He pointed his Cisco ASA logs to LEM, and started seeing lots of events in the console. He contacted the sales rep and we got on a remote meeting. We saw lot of TCPTrafficAudits and ICMPTrafficAudits which was consistent with firewall logs. We used a visualization technique in LEM called ‘Word Cloud’ where the font size of a word is directly proportional to the number of occurrences of that word, and he said ‘hang on. why is this IP appearing so many times’. Click and zoom and we saw the event details and it was using the wrong firewall interface. and his response was ‘oh my goodness. This traffic should never be permitted through this firewall interface’. All this literally took 15 minutes, and this traffic has been permitted in his firewall for years but no action was taken due to lack of effective tools. The next day we had a PO for LEM.
In addition to helping users visualize their logs for effective troubleshooting, one of the key strengths is that it is a true real-time log monitoring solution. The events from the servers are picked up by LEM even before the logs get written to the local event logs. If you look at some of the other solutions, they claim to be real-time but they are actually polling every 5 minutes. That’s not real-time. Is it?
So, the logs are being collected in real-time and also being correlated in real-time in memory. Again, unlike other solutions which focus so much on storing the logs first and then an engine on analyze these logs, LEM does the correlation in real-time. So, what is correlation and why does real-time & in-memory matter? If I fat finger my password, it is considered normal and users don’t expect to be alerted for such an event. However, if there were 5 failed login attempts all my laptop in a 1 minute time window, especially after business hours, it is definitely something suspicious. Same thing for the firewall – if there are a 1000 deny attempts in a 10 second window all from the same machine or all trying to reach the same IP, it is unusual. These are some simple examples of correlation. And, LEM can do this across all the monitored devices. So, you can look for 10 failed login attempts for my account in a 1 minute window, no matter where it happens on the network (switch, firewall, server, anywhere).
In response to these correlated conditions, LEM can take preventive actions like blocking an IP, disabling networking, shutting down a service, kill a process, etc so that the risk is mitigated while the administrator gets an opportunity to fix the issue. This ability of LEM is called Active Response. We have customers using it to automatically kill BitTorrent or Wireshark launched on their user PCs, and it becomes an effective complement to end protection strategies.
The other cool feature of LEM is USB-Defender. You can enforce a white list of USB devices to be used on corporate devices even when the devices are not plugged into the network. If a user takes his laptop home, and then tries to copy sensitive data to a USB stick, LEM will prevent that copy if its not an authorized USB device.
Just to re-iterate, all these powerful features do not require any fancy hardware to run. The high compression database allows LEM to store vast amounts of event data. The default 250 GB of alert data generally translates to about 20 TB of original logs!
LICENSING
Number of nodes. A switch or a firewall or a server is all treated the same way for licensing purposes. The volume of logs do not matter. If a server is running IIS and both the IIS application logs + OS logs need to be analyzed, it still consumes just 1 node license.
The only exception is for computers running desktop class OS such as Windows 7, Windows 8, Vista, etc. Customers can purchase an add-on license called LEM Workstation Edition where the per-node licensing is significantly cheaper that the server equivalent.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

33. LEM Keywords & Questions
Keywords: Log analysis (firewalls, routers, servers, AD, IDS, IPS, etc), Event correlation, Event consolidation, Compliance, PCI, ISO, Audit, Event consolidation, Log/Event Search/Forensics.
Qualifying Questions
Do you analyze your server, firewall, web server and other logs?
How to you identify the signal from the noise from the millions of log messages?
Do your users frequently lock themselves out but don’t know from where?
Do you know if there is any sensitive data leaving the corporate network via USB?
Do you want to prevent users from using BitTorrent® and other non-standard applications?
Keywords No brainer keywords when LEM would be a good fit
Qualifying Questions
Q. Do you analyze your server, firewall, web server and other logs?
A. If the sheer log volume is intimidating, LEM provides a powerful yet simple interface to make sense of millions of log messages.
Q. How to you identify the signal from the noise from the millions of log messages?
A. LEM’s event correlation capabilities help you to be alerted when unusual activity is detected
Q. Do your users frequently lock themselves out but don’t know from where?
A. Using LEM, you can identify the source machine that users are locking themselves out – in a matter of seconds
Q. Do you know if there is any sensitive data leaving the corporate network via USB?
A. LEM’s USB-Defender feature allows you to track USB activity across servers and workstations, and block usage of unauthorized USB devices even when the laptops are not connected to the network
Q. Do you want to prevent users from using BitTorrent and other non-standard applications?
A. LEM’s Active response capabilities can be used to prevent users from using non-standard applications
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

34. SPM Product Overview SolarWinds® Patch Manager
Automated Patching of Microsoft® and 3rd Party applications for WSUS or SCCM deployments
SPM Highlights
Centralized Patching of Microsoft Patches and 3rd Party Applications
Pre-Tested Pre-Built Packages for Common Applications
Extends WSUS and SCCM capabilities
Patch Compliance Reporting
Custom Package Wizard
SolarWinds Patch Manager or SPM helps to automate the patching for both Microsoft and 3rd party applications in a WSUS and/or SCCM environment.
I am sure everyone is aware how often Microsoft releases patches for it’s OS and applications. When it comes to patching Windows computers (servers and desktops), Microsoft offers 2 solutions – a free solution called WSUS and a commercial offering called SCCM. The idea is that WSUS (pronounced ‘W Suss’ or ‘WuSus’) server downloads all the patches from Microsoft, and all the computers get their updates from the WSUS server rather than each and every computer going out to the internet to download patches from Microsoft. Apart from the obvious internet bandwidth gain, it also helps administrators control which patches actually get deployed to their computers. While WSUS itself is very reliable, it offers very little control on which computers get which updates & when. If Microsoft were to release a very critical security fix and you want to roll out that fix now, it is a very tedious process to get those updates to all the computers. The process is compounded by the frequency at which 3rd party vendors like Adobe®, Firefox®, Oracle (Java®) are releasing critical security updates. To solve this problem, SPM users can synchronize with a pre-tested and pre-built SolarWinds catalog for 3rd party patches and SPM can provide better command & control for effectively targeting & scheduling both Microsoft and 3rd party patches. Updating some of these 3rd party applications (esp Java) can be very tricky – and SPM defines all the necessary pre- and post- actions that are necessary to successfully update these applications. It is important to note that SPM doesn’t require any significant changes to existing patch infrastructures. WSUS is still required to be in place.
If a customer already SCCM in place, it is usually to overcome the same challenges of command & control solved by SPM. The main challenge solved by SPM is an SCCM environment is to provide 3rd party content.
If there are applications to patch outside the SolarWinds catalog, users can build packages themselves using a Package Wizard available in SPM. The effort is obviously a bit more compared to the pre-tested and pre-packaged ones in the SolarWinds catalog but the extensibility is there never the less.
And, of course you can generate reports on how many machines are missing critical patches, etc.
The Patch Manager architecture is very unique and the same software can be deployed in different roles to minimize bandwidth usage as well as to restrict most of the communication to the LAN. SPM can also cut across multiple domains and customer networks. For this reason, MSPs can use SPM to take on patching services for their customers and manage it all from a central application server.
LICENSING
The number of managed nodes. Any computer whose patch deployment is controlled by SPM or any computer that gets it’s 3rd update from a SolarWinds catalog is counted as a managed node. This applies equally to both WSUS and SCCM managed environments.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

35. SPM Keywords & Questions
Keywords: WSUS, SCCM 2007 / 2012, Windows Patches, 3rd Party Patches (Adobe®, Chrome™, iTunes®, Mozilla®, Java®, etc), Windows Security Updates
Qualifying Questions
How much time do you spend to package, test and rollout a 3rd party security patch to all your users?
Do you need to handle patching across multiple Windows domains?
Do you need the ability to patch on demand rather than wait for the next patch cycle?
Do you stay back after hours just to approve updates?
Do you want better control of scheduling patches to different computer groups?
Do you need to generate compliance / security reports on the patching status?
Keywords - No brainer keywords when SPM is a good fit
Qualifying Questions
Q. How much time do you spend to package, test and rollout a 3rd party security patch to all your users?
A. Users typically spend about 4 hours to test and package a single 3rd party patch. And, not to mention keeping track of when these 3rd party vendors release their patches. Save time and get peace of mind by using SPM instead and synchronize with a single source to know new updates are released for all the supported 3rd party vendors and applications.
Q. Do you need to handle patching across multiple Windows domains?
Patch Manager uses certificate based authentication for communication between it’s servers, and doesn’t require domain trusts to be setup. So, it can cut across multiple domains to centrally manage patches across multiple domains
Q. Do you need the ability to patch on demand rather than wait for the next patch cycle?
Don’t rely on Group Policy schedules anymore. Use SPM to have better command and control, and have the flexibility to do both scheduled and ad-hoc patching tasks
Q. Do you stay back after hours just to approve updates?
With SPM, you can schedule the approval of updates so that the approval kicks in just before the change management window. You don’t have to stay back late just for approving updates
Q. Do you want better control of scheduling patches to different computer groups?
SPM can leverage things like Active Directory OUs to control scheduling of patches
Q. Do you need to generate compliance / security reports on the patching status?
A. SPM can automate report generation on patch status for compliance and security purposes.
© 2014 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

36. WEB HELP DESK, daMEWARE, MOBILE ADMIN
IT HELPDESK
WEB HELP DESK, daMEWARE, MOBILE ADMIN
© 2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

37. WHD Product Overview Web Help Desk
Web-based IT Helpdesk software including IT Asset discovery and Management
WHD Highlights
to Tickets
Customizable Service Request routing, approval and escalation procedures
Knowledge base
Asset Discovery and Asset Management
Billing and Parts management
2-Way Orion® Alert Integration
Simple technician based licensing
Web Help Desk as the name suggests is a web based IT helpdesk software. We call it WHD for short.
It has all the features you would expect from a helpdesk software – customizable ticket types and fields, convert an to a ticket, integration with Active Directory, knowledge base, and so on. In WHD terminology, an user who would handle the tickets is called a technician and an user who would open tickets is called a client.
With AD integration, both clients and technicians can login using their domain accounts. The technicians can customize the various ticket types (we call them request types) so that the relevant information is supplied based on the ticket purpose – request to create a new distribution list vs request to procure a new laptop. Helpdesk managers can set SLAs for these request types, and automatically escalate when the tickets aren’t handled within the SLA timeframes. Or, they may want to bump up the priority to the highest level when a CXO opens a ticket. Also, certain requests require approval before a technician can take actions. For example, if I need a new laptop, my manager needs to approve first and a person in finance needs to approve after my manage approves. These organizational specific processes can be easily defined in WHD.
WHD can also synchronize the assets from a variety of CMDBs including the Orion database. WHD also has a discovery engine to discover Windows servers and PCs. You can use this to run reports to say things like ‘Printer ABC resulted in the most number of tickets, etc’
The most common way of generating an automated ticket from a monitoring system is to send an to a designated mailbox. If the monitoring system happens to be Orion, WHD offers direct 2-way integration with Orion alerts. So, an alert is raised in Orion – WHD can automatically open a ticket. If someone then picks up the incident in WHD and adds a note, it would be visible in the Orion console as well. This is a great add-on for Orion users to have a streamlined incident management process as opposed to alert handling via s.
WHD licensing is based on number of technicians. The number of clients or assets do not matter. This makes it very predictable for customers.
LICENSING
The number of technicians.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

38. Dameware Product Overview dameware remote support
Remote Administration Software for an Unlimited Number of End-Users
DameWare Highlights
Quick & easy remote access to Windows®, Linux®, & Mac OS® X desktops, laptops and servers within the network or over the internet
Remotely troubleshoot & manage Windows servers and workstation
Remotely reboot systems, start/stop services & processes, copy/delete files, view & clear event logs
Manage multiple AD domains, users & groups, and remotely reset passwords
Gain remote access to Windows computers from iOS® & Android® devices
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

39. MOBILE ADMIN Product Overview
Mobile IT monitoring & management for after-hours support
Mobile Admin Highlights
Troubleshoot & resolve IT issues in a few clicks from any smartphone or tablet
Supports all key IT infrastructure technologies – AD, VMware, Backup Exec™, Exchange™ & more!
Integrates with the Orion Platform Products
Delivers real-time alerts and statuses on your Android, iOS, and Blackberry® devices
Remote control with SSH®, Telnet, VNC, RDP, proxy via Mobile Admin Server or direct connect
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

40. Recap - SolarWinds Product Integration
Alert Central™
*FREE* Centralized IT Alert and On-Call Management
Scalability Engines
(Enterprise Operations Console, Polling Engines, Web Server, Fail Over)
Firewall Security Manager
Firewall
Security Analysis
Engineer’s Toolset
Real-Time Monitoring & Diagnosis
Direct Integration
Network Performance Monitor
Fault & Perf Monitoring
VoIP & Network Quality Manager
VoIP/Network Quality Analysis
Network Configuration Manager
Network Configuration Management
IP Address Manager
IP Address Management
NetFlow Traffic Analyzer
Traffic Analysis
User Device Tracker
Network User and Port
Tracking
AppStack Enabled
Server & Application Monitor
Servers & App Management
Web Performance Monitor
Web Experience
Monitoring
Virtual-ization Manager
Virtualization
Management
Storage Resource
Monitor
Storage
Patch Manager
Patch
Management
Direct
Integration
“Orion® Platform” Based Products
Log & Event Manager
Log and Event
Management
(SIEM)
Web Help Desk
Help Desk
DameWare
Remote Control and
Active Directory® Admin
Other Products – Misc. Integration
Other Transactional
Products
Network Topology Mapper (NTM), Kiwi Syslog®, CatTools®, Serv-U MFT, Mobile Admin
Misc. Integration
The ‘Orion Platform’ is at the core of the SolarWinds IT Management Portfolio. It is an organically developed platform which provides a stable and scalable architecture and includes data collection, processing, storage and presentation.
The Platform provides common features like network node discovery, dashboards, reports, alerts, SNMP traps, Syslog, Groups, etc that be leveraged across all these products. So, if you installed NPM, UDT and SAM on the same server for example, they all use the same database and the data all comes into the same dashboard. You can create groups using monitored objects across all 3 products and the alert definition process is the same for all 3 products.
Here are some points to note about the Orion Platform
Windows Based – Microsoft Operating System & Database
8 Products Based on this Platform – 6 Network, 4 Systems
3 Further Products with Direct Integration – 2 Network, 1 Systems. Direct Integration allows these products data and functions to be accessed from with the Orion Web Console
3 Further Products with various levels of integration such as exchanging alerts
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

41. Orion Platform Scalability
Additional Polling Engines
Expands the number of elements, applications etc. that you can monitor
Distribute the polling load between multiple servers to provide scalability for large networks
Can be deployed Centrally or Remotely
Enterprise Operations Console (EOC)
Consolidated view of data across multiple Orion Deployments
Failover engine (FOE)
Protects your Orion Server(s). Automatically fails over to Secondary server(s) in the event of a issue
Can be deployed in either High Availability (Local Network) or Disaster Recovery (Separate DR site)
Active/Passive Solution
Web Server Engine
Run the Web Console on a separate Server
Enables greater user access and increased deployment flexibility
For more info see Scalability Engine Guidelines
Additional Polling Engines
Extend your monitoring with the addition of Additional Polling Engines and greatly expand the number of elements or applications that you can monitor. With Additional Polling Engines, you can distribute the polling load for your Orion platform* installation between multiple servers to provide scalability for large networks and reduce the impact on poller performance as a result of rapid growth within your virtual infrastructure.
Additional polling engines support Orion platform products which include: SolarWinds Network Performance Monitor (NPM), SolarWinds Server & Application Monitor (SAM), SolarWinds NetFlow Traffic Analyzer (NTA), SolarWinds Network Configuration Manager (NCM), SolarWinds VoIP & Network Quality Manager (VNQM), SolarWinds User Device Tracker (UDT), and SolarWinds Web Performance Monitor (WPM
Enterprise Operations Console (EOC)
Gain at-a-glance insight into enterprise network performance. SolarWinds Enterprise Operations Console provides a consolidated command center to monitor your entire enterprise network and gives you unified visibility into remote Orion deployments throughout your geographically distributed networks.
Failover Engine (FOE)
SolarWinds Failover Engine (FoE) monitors the health of your Orion platform* server to ensure you never lose visibility. If something should happen to your primary Orion platform server, FoE automatically fails over to a remote server. The passive failover server assumes the full identity of the primary server and assumes all monitoring, alerting, reporting, and data collection. FoE’s switchover is an automatic, seamless, and transparent process that ensures data collection continuity. FoE is an ideal disaster recovery solution for networks that demand high availability and performance.
Provides two minute failover for your business critical IT management system
Delivers instant notification when key thresholds of your IT management system are crossed
Supports the customization of failover rules which can trigger based on application, system, process, and service health thresholds
Web Server Engine
By adding an Orion Web Server Engine, the Orion Web console can run on a different machine than the main Orion server, enabling greater user access without affecting performance and providing increased scalability and deployment flexibility.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

42. Adobe Flash Demos – Non-Orion Products
Useful Resources
Resource
Link
What we’re working on!
(Product Roadmap info)
Library & Support pages
(Includes useful links for all products)
SE Demo Site (Recorded Multi Lingual Product Demos)
The Resource Center
(Case Studies, Whitepapers etc)
SolarWinds Certification Program
Main Documentation Page
YouTube Video Channel
Partner Solutions Training Series
NPM Solutions Training
IPAM Solutions Training
SAM Solutions Training
Interactive Demo Site
URL
Orion Platform
Orion Integrated (All Orion Platform Modules & Products with Direct Integration)
oriondemo.solarwinds.com
Network (NPM, NTA, NCM, UDT, IPAM, VNQM)
network.demo.solarwinds.com
Systems (SAM, WPM, Patch Manager)
systems.demo.solarwinds.com
Configuration (IPAM, NCM, UDT)
configuration.demo.solarwinds.com
Orion Integrated - Japanese (JP + EN modules)
oriondemo.solarwinds.jp
Localized - Japanese (JP modules only)
localized.demo.solarwinds.jp
Orion Integrated - German
oriondemo.solarwinds.de
Localized - German
localized.demo.solarwinds.de
Non-Orion Platform
LEM - Live Demo
Virtualization Manager
virtualization.demo.solarwinds.com
Storage Manager
storage.demo.solarwinds.com
Web Help Desk
whddemo.solarwinds.com
EOC
eocdemo.solarwinds.com
ipMonitor (v10.5)
ipmonitor.demo.solarwinds.com
FTP Voyager & Serv-U (Rhinosoft)
Adobe Flash Demos – Non-Orion Products
LEM - (Flash Demo)
Firewall Security Manager (Flash Demo)
Patch Manager (Flash Demo)
Mobile Admin (Flash Demo)
© 2014 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.

43. The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries.  All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries.  All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.
© 2015 SOLARWINDS WORLDWIDE, LLC.  ALL RIGHTS RESERVED.