Neutron NMS (Network Management System)
Last modified on Sat, 13th Feb 2010 at 12:47 UTC by zipplet


System overview - what is Neutron?
Picture one of these:
- You're a teacher and you are sitting down trying to teach a class, but a couple of students keep disrupting it and laughing at something they are doing on the computer - but when you go to investigate they close it.
- You're a network administrator and can't remember which IP addresses have been assigned to static machines. A network scanning tool works, but it doesn't tell you what OS each machine runs or what programs are installed, so you have no idea what's what. You spend hours trying to make a list, then find it's incomplete later on anyway.
- You currently use cloning to deploy Windows and want to make your cloning procedure more efficient (Neutron includes special tools to help).
- You're trying to roll out a new program on your network and need to know which machines already have an earlier version of the program before you begin.
- You manage a large network of hundreds of machines and want to automate software auditing.
- Your Microsoft (R) Active Directory domain has machine members with duplicate SIDs and you need this automatically detected and repaired.
- You need to automatically shut down workstations at the end of the working day, but only if no-one has used them for a while.
- You want to log what programs are used by which users.
- You'd like to blacklist applications such as games.
- You want to remotely help a user without leaving your desk.
Neutron Network Management System (NMS) was created to solve these problems and many more. It is an extensive client-server network management suite that makes administration of small to large networks easy and improves productivity.
It has features ranging from micro-management (remote control of stations) to macro-management (network-wide application banning, auditing, application/patch deployment).
Neutron Technology
The backend server runs on Linux, BSD with Linux compatibility, or Windows 2000/2003. One server can handle thousands of clients: around 300 simultaneous clients were tested in a real-world environment under Linux, and simulated tests with a load-testing program show that many more (10,000 tested!) are possible on a medium-spec (1.6 GHz P4) machine.
This is made possible by a custom packet switching/handling layer called switchboard that is unique to Neutron NMS. Packets are routed intelligently through the server and processed in the most efficient way. Layered encryption is used so that entire packets don't need to be decrypted when inspected by the server. If the server can answer a query it will, rather than passing it on to a client machine.
At the server core is a very lightweight and lightning-fast operating system abstraction layer called lcore that allows identical code to run on Windows and Linux. This core is a runtime library that provides a service environment (Linux daemon or Windows service), network connectivity that is IPv6 aware, and support for fast event engines on Linux such as epoll.
A very lightweight database called zdb is used to hold the Neutron directory, which stores information about stations and the users who have used them. zdb is faster than a SQL database for the simple queries that Neutron makes. Active Directory integration is planned but not essential, as Neutron is quite happy to build its own directory.
A strong emphasis is placed on low CPU usage and especially low network bandwidth utilisation.
Deployment
The server does not need a static IP although it is desirable. Clients will automatically seek out the server. Traffic is encrypted for privacy. Larger data packets are compressed to save network bandwidth but never at the cost of excess CPU usage.
The client software is automatically kept up to date by the server due to how the system is designed, reducing costs associated with patching/updating software. You only need to roll out a single update on the server, and the server handles the rest. The server may support automatic updates over the internet as well, to further reduce costs.
Currently, only Windows 2000, XP and Vista are supported as client operating systems.
There are various ways to deploy the Neutron client. For example, if you use Novell NetWare you can deploy it to all of your machines by adding a single line to your logon script and making a bootstrap binary available on a public share. The admin client requires no installation at all. You can run it from a USB flash disk if you desire.
Administration
Administrators use a special admin client to authenticate with the server and perform administrative tasks. The admin client has a clean MDI-style interface, and can sit in the system notification area, displaying balloon popups when administrator attention is required. An administrator may sign on from any machine on the network; they are not tied to a specific workstation.
Project status
The Neutron server, client and admin client all work and most of the remote administration features are working.
There is also a bug tracker available.
Features
Here is a non-exhaustive list of features. Some of these are already implemented; others are work in progress or future developments.
This list is a work in progress and subject to change - features may be omitted or added based on requirements.
- Remotely see what a user is doing on a machine
- Take control of a station (keyboard and mouse) - this is useful for remote help as well as directing students back to work and away from games
- Shutdown, reboot or logoff users remotely
- Send messages to users, groups of users, rooms or the entire network - useful to warn of service outages
- Remote task manager
- Start/kill tasks
- Application blacklisting
- Direct3D application whitelisting (prevent even new games but allow specified programs)
- Log who uses which machine and when
- Log of accessed applications by user
- Find machines by user, MAC address, IP address, logon time or name
- List users by machine names (e.g. all users in Room 5)
- Automatically generated directory that can be searched, browsed and exported
- Audit applications on machines
- Push remote updates for other applications
- Force machines to lock until unlocked by a Neutron administrator
- Generate printable reports for auditing purposes or investigations e.g. list of programs accessed by user "john" between dates ddmmyy-ddmmyy including machine used and time
- Show all network activity on a machine - is that machine host to a chat server when it shouldn't be?
- Neutron can be configured to warn a user when they forget to save documents in their home directory and save in the wrong place
- Permissions system for Neutron administrators to control which administrators have access to which features e.g. teachers cannot restart the server but IT staff can
- Target - close all applications started by the user except a chosen one (e.g. Word) and bring that application to the front and maximise it to focus a user on that task
Best of all, these features are all designed to be easy to use even for the novice administrator yet powerful enough for the advanced administrator.
Cloning / ghosting specific features
These features are all optional and are not part of the main Neutron client.
- Automatic machine name suggestions. This is possibly the single most useful feature in the cloning toolkit. Neutron remembers the previous machine name assigned based on the MAC address. It will suggest this name when you next name the machine.
- Duplicate SID finder for use with Active Directory
- Duplicate SID repair
- Machine clone version control - add versions to your clone images and see what versions are deployed across your network at the click of a mouse
- Cloning preparation wizard - a simple way to prepare machines for cloning that automates use of the sysprep tool, prepares dummy machine names and generates a new SID when each machine is then ghosted
- New clone wizard - runs when you first boot a newly cloned machine and asks for the computer name and other per-machine information. Customisable to the client's needs (for example also setting a Printer environment variable). Can also join the machine to a domain. This differs from Microsoft 'pre-setup' in that there is a facility to allow the user to integrate other tasks such as running Flash and entering a serial number by hand. You can also close the wizard and the machine is left alone.
- Contacts Neutron to help ensure you name machines correctly before you create nonsense machine names on the domain, eliminating time spent going back to the domain and deleting wrongly-added machines. Easily overridden.
(further information to be written about cloning utilities)